[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"articles-index":10,"sections":920},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"articles":11},[12,36,56,75,94,114,133,151,168,184,207,226,255,274,295,315,333,349,364,379,396,413,432,450,467,484,502,525,543,559,576,590,608,627,643,664,682,698,715,730,744,762,781,797,815,833,851,868,887,904],{"id":13,"slug":14,"title":15,"dek":16,"body_md":17,"tags_json":18,"published_at":19,"created_at":20,"updated_at":21,"status":22,"review_note":23,"review_notes":24,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":26,"sources":31,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4743,"court-orders-google-to-allow-rival-android-app-stores","Court Orders Google to Allow Rival Android App Stores","After a settlement fell apart in court, Google must open Android to competing app marketplaces by July 22, and it will still collect fees from rivals.","Google will allow rival app stores on Android starting July 22 — the result of a court order, not a change in policy.\n\nGoogle and Epic Games withdrew their proposed settlement this week after the court signaled it would not approve the deal. That leaves a permanent injunction from October 2024 in full effect, requiring Google to open Android to third-party app marketplaces. The stores will be accessible through the Google Play Store itself, and competing marketplaces will pay Google a $5,000 annual fee to participate. Google will also continue collecting its service fee on transactions made through those alternative stores.\n\nThe injunction stems from Epic's antitrust lawsuit, in which a jury found Google had abused its monopoly over Android app distribution — a starkly different outcome than Epic's parallel suit against Apple, which largely went in Apple's favor. Apple is still fighting its own Epic case, expected to be heard in late 2026 or early 2027, and already faces EU pressure under the Digital Markets Act to support alternative marketplaces.\n\nGoogle's statement that withdrawal lets it \"deliver greater app store choice, lower prices, and more opportunities\" is doing a lot of work — this is court-ordered compliance dressed up as a strategic pivot.","[\"android\",\"antitrust\",\"app stores\",\"epic games\"]","2026-07-16T00:02:48.000Z","2026-07-16T00:51:15.235Z","2026-07-16T00:51:18.034Z","published",null,[],"policy",[27,28,29,30],"android","antitrust","app stores","epic games",[32],{"name":33,"url":34},"MacRumors","https:\u002F\u002Fwww.macrumors.com\u002F2026\u002F07\u002F15\u002Fgoogle-third-party-app-stores\u002F",0,{"id":37,"slug":38,"title":39,"dek":40,"body_md":41,"tags_json":42,"published_at":43,"created_at":44,"updated_at":45,"status":22,"review_note":23,"review_notes":46,"image_url":23,"persona_id":23,"persona_name":23,"section":47,"tags":48,"sources":52,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4742,"xai-sues-user-who-allegedly-used-grok-to-generate-csam","xAI Sues User Who Allegedly Used Grok to Generate CSAM","xAI is suing a South Carolina man already facing eight felony CSAM charges, claiming he bypassed Grok's safeguards to generate and distribute the material.","xAI is suing one of its own users over child sexual abuse material allegedly generated with Grok.\n\nThe company filed suit against Terry Wayne Harwood, a South Carolina man arrested in February on eight felony charges for allegedly possessing and distributing CSAM. xAI claims Harwood deliberately bypassed Grok's safety filters to generate and alter the images. The lawsuit alleges that at least some of the material tied to his criminal charges was created or modified using Grok.\n\nAI companies have mostly left enforcement to criminal prosecutors, treating themselves as passive infrastructure. By suing Harwood directly, xAI is positioning itself as an active participant in policing misuse, a posture that may matter more as lawmakers scrutinize what AI providers owe victims of this category of harm.\n\nWhether this is principle or preemption probably depends on what happens to xAI's regulatory exposure next.","[\"ai\",\"csam\",\"legal\",\"xai\"]","2026-07-15T21:33:20.000Z","2026-07-15T23:02:19.612Z","2026-07-15T23:02:22.438Z",[],"ai",[47,49,50,51],"csam","legal","xai",[53],{"name":54,"url":55},"The Verge","https:\u002F\u002Fwww.theverge.com\u002Fai-artificial-intelligence\u002F966293\u002Fxai-grok-user-lawsuit-csam",{"id":57,"slug":58,"title":59,"dek":60,"body_md":61,"tags_json":62,"published_at":63,"created_at":64,"updated_at":65,"status":22,"review_note":23,"review_notes":66,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":67,"sources":71,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4738,"uk-age-checks-are-spreading-but-gaps-remain","UK Age Checks Are Spreading - But Gaps Remain","Ofcom's first major report on the Online Safety Act shows age verification scaling fast, while search engines and dating apps remain weak links.","The UK's age verification push is working — partially.\n\nAbout a year after the Online Safety Act took effect, Ofcom released its first substantive progress report. Between July and December 2025, 69 million age checks were completed across a sample of 32 services — a 23-fold increase from the prior six months. The share of children encountering what Ofcom calls \"highly effective\" age checks rose from 25 to 43 percent between July 2025 and January 2026. All of the UK's top 10 porn sites have now installed age assurance, though only 64 of the top 100 have done so, and Ofcom has opened 23 investigations into providers of 88 adult services.\n\nThe gaps matter as much as the gains. A third of first-page Google results for relevant searches returned porn sites without age checks; the figure was 54 percent on Bing. Ofcom says both companies are cooperating, but the law doesn't actually require search providers to enforce age gates — meaning the most common discovery path for minors is largely voluntary. Dating apps have a separate problem: more than 10 percent of 15 to 17-year-olds still accessed three popular platforms in December 2025 despite checks being in place.\n\nOfcom also took a pointed swipe at age-inference systems — tools that guess a user's age from behavior rather than checking identity — telling social media companies to ditch them in favor of methods it classifies as highly effective. That matters because the UK is preparing a broader under-16 social media ban using similar verification frameworks. Australia tried a comparable ban and researchers found it fell short partly because behavioral age estimation doesn't trigger extra checks for younger users.\n\nOfcom is due to deliver Parliament a definition of what \"highly effective\" over-16 verification looks like by the end of October — the standard the social media ban will likely depend on.","[\"policy\",\"online-safety\",\"age-verification\",\"social-media\"]","2026-07-15T21:30:00.000Z","2026-07-15T21:52:43.253Z","2026-07-15T21:52:45.628Z",[],[25,68,69,70],"online-safety","age-verification","social-media",[72],{"name":73,"url":74},"Mashable","https:\u002F\u002Fmashable.com\u002Flife\u002Fofcom-age-verification-law-report-update",{"id":76,"slug":77,"title":78,"dek":79,"body_md":80,"tags_json":81,"published_at":82,"created_at":83,"updated_at":84,"status":22,"review_note":23,"review_notes":85,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":86,"sources":90,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4737,"court-blocks-deportation-of-content-moderation-researchers","Court Blocks Deportation of Content Moderation Researchers","A federal judge halted a Trump administration policy that used visa rules to target researchers working in misinformation, fact-checking, and trust and safety.","A federal judge has blocked the government from deporting researchers for working in content moderation.\n\nUS District Judge James Boasberg issued a preliminary injunction Tuesday, barring the State Department from enforcing a visa-restriction policy while a lawsuit by the Coalition for Independent Technology Research (CITR) works through the courts. The policy, on its face, does not mandate deportations — it authorizes immigration investigations into individuals suspected of helping foreign adversaries suppress US speech. The administration had used it to pursue green card revocations and removals targeting people in misinformation research, fact-checking, compliance, and trust and safety roles.\n\nThe ruling matters because the policy's framing as a national-security tool gave it unusual reach: immigration enforcement, not content law, became the mechanism for pressuring an entire research field. A preliminary injunction is not a final verdict, but it puts the administration's enforcement on ice while the case proceeds — and signals that at least one federal court finds CITR's legal arguments credible.\n\nThe administration has leaned on immigration levers before to signal displeasure with academic or professional work it finds politically inconvenient. Whether this injunction holds through a full trial is another question — but for now, the researchers stay.","[\"policy\",\"content moderation\",\"immigration\",\"research\"]","2026-07-15T21:26:02.000Z","2026-07-15T21:49:16.867Z","2026-07-15T21:49:19.693Z",[],[25,87,88,89],"content moderation","immigration","research",[91],{"name":92,"url":93},"Ars Technica","https:\u002F\u002Farstechnica.com\u002Ftech-policy\u002F2026\u002F07\u002Fjudge-trump-cant-deport-researchers-just-for-working-in-content-moderation\u002F",{"id":95,"slug":96,"title":97,"dek":98,"body_md":99,"tags_json":100,"published_at":101,"created_at":102,"updated_at":103,"status":22,"review_note":23,"review_notes":104,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":105,"sources":110,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4741,"youtube-says-it-is-not-social-media-to-dodge-addiction-ruling","YouTube Says It Is Not Social Media to Dodge Addiction Ruling","Google's video platform is appealing an addiction verdict by arguing it belongs in a different category than Meta and other social networks.","YouTube is contesting a landmark addiction ruling, and its defense hinges on a technicality: it claims it is not a social media platform.\n\nGoogle's video service has filed an appeal against a court verdict that found it helped hook a child on its app. The appeal follows a similar move by Meta. YouTube's core argument is categorical — it is a video platform, not a social network, and therefore should not be subject to the same findings that ensnared the likes of Facebook and Instagram.\n\nThe distinction matters because the entire liability framework in these addiction cases rests on how courts define \"social media.\" If YouTube can carve out a separate classification, it may escape the legal precedent being built around platforms accused of deliberately engineering compulsive use in minors. That is a high-stakes semantic fight with real consequences for how tech companies are regulated going forward.\n\nIt is worth noting that YouTube features comments, likes, subscriptions, community posts, and algorithmic feeds optimized for engagement — the same mechanics courts have scrutinized in social media addiction cases. Calling it purely a video service is a legal strategy, not a description most users would recognize.","[\"youtube\",\"social media\",\"regulation\",\"big tech\"]","2026-07-15T21:20:51.000Z","2026-07-15T22:59:44.477Z","2026-07-15T22:59:47.432Z",[],[106,107,108,109],"youtube","social media","regulation","big tech",[111],{"name":112,"url":113},"The Next Web","https:\u002F\u002Fthenextweb.com\u002Fnews\u002Fyoutube-appeals-social-media-addiction-verdict",{"id":115,"slug":116,"title":117,"dek":118,"body_md":119,"tags_json":120,"published_at":121,"created_at":122,"updated_at":123,"status":22,"review_note":23,"review_notes":124,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":126,"sources":130,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4736,"windows-zero-day-lets-low-privilege-accounts-hijack-admins","Windows Zero-Day Lets Low-Privilege Accounts Hijack Admins","A researcher dropped working exploit code the same day Microsoft pushed its largest-ever Patch Tuesday, targeting the Windows User Profile Service.","A researcher published a working Windows privilege-escalation exploit on the same day Microsoft shipped a record number of security patches.\n\nThe exploit, called HiveLegacy, targets a vulnerability in the Windows User Profile Service. It lets a low-privilege account modify an administrator's classes registry hive — the part of the registry that controls which application opens a given file type in Windows Explorer. Multiple researchers confirmed the proof-of-concept works. The anonymous researcher behind it, who goes by NightmareEclypse, says they stripped the code down to limit its usefulness to attackers, but described the underlying flaw as a \"pretty powerful primitive.\" This is the ninth such exploit NightmareEclypse has published, each time citing frustration with how Microsoft handles their bug reports.\n\nThe timing is the story. Microsoft just completed what appears to be its largest-ever Patch Tuesday, and a public, confirmed exploit dropped the same afternoon — meaning defenders are already behind before they finish deploying this month's fixes. Privilege-escalation bugs like this one are high-value for attackers because they turn a foothold into full control, often without triggering obvious alerts.\n\nNightmareEclypse has now released nine exploits under what looks like a sustained pressure campaign against Microsoft's vulnerability disclosure process — a reminder that how a company treats security researchers has consequences that land directly on its customers.","[\"windows\",\"security\",\"zero-day\",\"vulnerability\"]","2026-07-15T19:59:48.000Z","2026-07-15T20:48:41.905Z","2026-07-15T20:48:44.861Z",[],"security",[127,125,128,129],"windows","zero-day","vulnerability",[131],{"name":92,"url":132},"https:\u002F\u002Farstechnica.com\u002Fsecurity\u002F2026\u002F07\u002Fwindows-0-day-drops-the-same-day-microsoft-releases-record-number-of-patches\u002F",{"id":134,"slug":135,"title":136,"dek":137,"body_md":138,"tags_json":139,"published_at":140,"created_at":141,"updated_at":142,"status":22,"review_note":23,"review_notes":143,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":144,"sources":148,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4734,"fcc-moves-to-scrap-the-39-tv-ownership-cap","FCC Moves to Scrap the 39% TV Ownership Cap","The FCC plans to replace a hard congressional limit on TV reach with case-by-case reviews, a shift critics say favors Trump-aligned broadcasters.","The FCC is set to vote on eliminating the rule that caps any single broadcast owner's reach at 39 percent of U.S. TV households.\n\nFCC Chairman Brendan Carr announced the plan in an op-ed published on Breitbart. The proposal would scrap the National Television Ownership Rule — a limit set by Congress — and replace it with case-by-case merger reviews, giving the FCC wide discretion over which station groups can exceed the old ceiling. Carr's commission had already been treating the cap loosely: in March, it granted Nexstar Media Group a waiver to acquire Tegna, a deal that pushed Nexstar's reach past 50 percent of TV households. The FCC's justification was that Congress had authorized it to modify or waive the rule.\n\nThat legal argument is the soft underbelly of the whole plan. The 39 percent cap was set by Congress, not the FCC, which means repealing it outright invites a court challenge over whether the agency has that authority. A case-by-case review framework also hands enormous informal power to whoever chairs the FCC — the ability to wave through friendly owners and slow-walk everyone else.\n\nThe pattern fits a broader trend of the Carr FCC using regulatory flexibility to benefit media outlets that cover the administration favorably. Whether that survives judicial scrutiny is a different question — and the litigation calendar may end up mattering more than the vote.","[\"fcc\",\"media\",\"policy\",\"broadcast\"]","2026-07-15T18:52:22.000Z","2026-07-15T19:48:52.049Z","2026-07-15T19:48:55.043Z",[],[145,146,25,147],"fcc","media","broadcast",[149],{"name":92,"url":150},"https:\u002F\u002Farstechnica.com\u002Ftech-policy\u002F2026\u002F07\u002Ffcc-to-repeal-39-tv-ownership-cap-in-boost-for-trump-friendly-news-orgs\u002F",{"id":152,"slug":153,"title":154,"dek":155,"body_md":156,"tags_json":157,"published_at":158,"created_at":159,"updated_at":160,"status":22,"review_note":23,"review_notes":161,"image_url":23,"persona_id":23,"persona_name":23,"section":47,"tags":162,"sources":165,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4733,"hacked-data-reveals-suno-scraped-youtube-deezer-and-genius","Hacked Data Reveals Suno Scraped YouTube, Deezer, and Genius","A hack exposed that Suno trained its AI music generator on millions of scraped songs and lyrics from YouTube Music, Deezer, and Genius.","Leaked internal data confirms Suno built its AI music generator on scraped audio and lyrics from major online platforms — without saying so publicly.\n\nData obtained through a hacking incident and reported by 404 Media shows Suno pulled millions of songs and lyrics from YouTube Music, Deezer, and Genius to train its models. Suno had previously declined to disclose what was in its training datasets or how it acquired them. The company is already facing lawsuits alleging it used copyrighted material without permission, including a case from the Recording Industry Association of America in which Suno reportedly admitted to using copyrighted works.\n\nWhat makes this leak significant is that it pierces the deliberate opacity most AI music companies maintain around training data. Labels and publishers have long suspected scraping was happening at scale — now there is direct evidence of which platforms and how many songs. That shifts the legal calculus in ongoing litigation from speculation to documentation.\n\nSuno is not alone in facing these questions — rival AI music tools have drawn similar scrutiny — but being first to have internal data exposed puts it in the worst possible position heading into court.","[\"ai\",\"music\",\"copyright\",\"legal\"]","2026-07-15T17:48:01.000Z","2026-07-15T18:53:21.319Z","2026-07-15T18:53:24.237Z",[],[47,163,164,50],"music","copyright",[166],{"name":54,"url":167},"https:\u002F\u002Fwww.theverge.com\u002Fai-artificial-intelligence\u002F966072\u002Fsuno-ai-music-training-scraping-youtube-hack",{"id":169,"slug":170,"title":171,"dek":172,"body_md":173,"tags_json":174,"published_at":175,"created_at":176,"updated_at":177,"status":22,"review_note":23,"review_notes":178,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":179,"sources":181,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4735,"google-to-host-rival-app-stores-on-play-starting-next-week","Google to Host Rival App Stores on Play Starting Next Week","A court-ordered remedy, triggered by Epic's 2020 Fortnite dispute, forces Google to distribute competing app stores through Google Play.","Google will begin distributing third-party app stores through Google Play next week — not because it wants to, but because a federal judge said so.\n\nThe settlement between Google and Epic Games is being withdrawn, which activates the remedies Judge James Donato set after finding Google liable for anti-competitive conduct in its management of Android app distribution. Those remedies include reduced fees, mirroring of Google Play apps in rival stores, and — the headline item — placement of competing app stores directly inside Google Play. The case traces back to 2020, when Epic added a direct payment option to the mobile version of Fortnite, bypassing the 30 percent cut Google and Apple each collected on in-app purchases like V-Bucks bundles. Both platforms pulled Fortnite; both faced antitrust suits.\n\nApple walked away from its Epic case largely unscathed. Google did not, in part because Android's theoretical openness made its anti-competitive behavior harder to defend — the evidence showed Google had actively pressured device makers against pre-loading or promoting rival stores, then tried to conceal it. That gap between Android's open-source reputation and Google's behind-the-scenes conduct was damaging in court.\n\nGoogle now faces what Apple has so far avoided: a structural change to how apps reach Android users. Whether any rival store can build a real audience through a Google-mandated listing is a different question — being present on the shelf and actually getting picked up are not the same thing.","[\"google\",\"android\",\"antitrust\",\"app stores\"]","2026-07-15T16:55:12.000Z","2026-07-15T19:50:02.355Z","2026-07-15T19:50:05.297Z",[],[180,27,28,29],"google",[182],{"name":92,"url":183},"https:\u002F\u002Farstechnica.com\u002Fgadgets\u002F2026\u002F07\u002Fthird-party-app-stores-coming-to-google-play-next-week-as-epic-settlement-withdrawn\u002F",{"id":185,"slug":186,"title":187,"dek":188,"body_md":189,"tags_json":190,"published_at":191,"created_at":192,"updated_at":193,"status":22,"review_note":23,"review_notes":194,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":201,"sources":203,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4729,"suno-breach-exposed-code-detailing-how-it-scraped-songs","Suno Breach Exposed Code Detailing How It Scraped Songs","A November hack of AI music startup Suno revealed source code that reportedly shows the company scraped millions of songs without permission.","A hacker broke into Suno's systems and walked out with source code that reportedly documents how the AI music startup built its model on millions of scraped songs.\n\nSuno confirmed the breach occurred in November and said no sensitive personal information was compromised — the company's preferred framing. What the intruder apparently did access was internal code that, according to reports, details the data-collection pipeline Suno used to train its generative music model. The company has not publicly disputed that characterization of what the stolen code contains.\n\nThat matters because Suno is already a defendant in copyright litigation brought by major record labels, who argue the startup trained on their catalogs without licenses or payment. Source code that spells out how a company scraped millions of songs is exactly the kind of evidence that could reshape discovery in that case — or settle the central factual dispute before a court even has to.\n\nSuno joins a growing list of AI companies whose training practices became public not through disclosure, but through a breach or a lawsuit. The lesson so far: the less transparent a company is about what it trained on, the more interesting a hack of its codebase tends to be.","[\"ai\",\"security\",\"copyright\",\"startups\"]","2026-07-15T16:13:15.000Z","2026-07-15T16:50:23.356Z","2026-07-15T16:50:26.154Z",[195],{"id":196,"reviewer":197,"round":198,"reason":199,"status":200},"editor-r1","editor",1,"The body ends without a closing line — the final paragraph cuts off as an open analytical note rather than a complete article, leaving the piece unfinished.","resolved",[47,125,164,202],"startups",[204],{"name":205,"url":206},"Engadget","https:\u002F\u002Fwww.engadget.com\u002F2215772\u002Fa-hacker-accessed-suno-source-code-that-reportedly-details-how-the-company-scraped-millions-of-songs\u002F",{"id":208,"slug":209,"title":210,"dek":211,"body_md":212,"tags_json":213,"published_at":214,"created_at":215,"updated_at":216,"status":22,"review_note":23,"review_notes":217,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":218,"sources":222,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4732,"lawsuit-claims-metas-ai-flagged-sick-workers-for-layoffs","Lawsuit Claims Meta's AI Flagged Sick Workers for Layoffs","A new lawsuit alleges Meta used an AI system to identify employees with medical conditions and route them toward layoffs, which Meta flatly denies.","A lawsuit filed against Meta claims the company used an AI system to identify employees with medical conditions and route them toward layoffs.\n\nThe suit alleges that Meta's workforce reduction decisions were at least partly automated, with an AI tool flagging workers who had disclosed medical conditions for cuts. If substantiated, that would constitute disability discrimination under federal law, a charge that carries significant liability. Meta has denied the allegations in full, calling them \"patently untrue.\" The case is at an early stage, and the plaintiffs' evidence has not yet been made public.\n\nAI-assisted HR tools are common inside large tech companies, and their legal standing is being tested more frequently. Employment decisions made or influenced by algorithms can obscure discriminatory patterns that a manual review might surface immediately, and once a lawsuit forces discovery, internal documentation about how those systems actually work tends to come out. This case could become a vehicle for establishing how much legal exposure companies carry when they delegate workforce decisions to automated systems.\n\nMeta has called the claims baseless, but the more consequential question is whether a court will eventually compel it to open its HR automation stack to scrutiny.","[\"meta\",\"ai\",\"employment\",\"lawsuit\"]","2026-07-15T15:57:03.000Z","2026-07-15T17:11:40.915Z","2026-07-15T17:11:43.695Z",[],[219,47,220,221],"meta","employment","lawsuit",[223],{"name":224,"url":225},"PCMag","https:\u002F\u002Fwww.pcmag.com\u002Fnews\u002Flawsuit-says-metas-ai-targeted-workers-with-medical-conditions-for-layoffs",{"id":227,"slug":228,"title":229,"dek":230,"body_md":231,"tags_json":232,"published_at":233,"created_at":234,"updated_at":235,"status":22,"review_note":23,"review_notes":236,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":247,"sources":251,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4730,"nat-slipstreaming-v20-claims-universal-port-access","NAT Slipstreaming v2.0 Claims Universal Port Access","A researcher claims NAT Slipstreaming v2.0 can expose any TCP or UDP port to remote attackers, but the writeup offers few verifiable details.","A new version of the NAT Slipstreaming attack reportedly gives remote attackers access to any TCP or UDP service behind a firewall.\n\nA writeup on researcher Samy Kamkar's site (Kamkar created the original browser-based NAT bypass technique in 2020) claims the v2.0 variant extends the attack to reach any TCP or UDP port, removing the scope limits of the first version. The post appeared on July 15, 2026 with minimal early engagement. No CVE identifier appears in the public writeup, no browser vendors or router manufacturers are named as affected parties, and no coordinated disclosure timeline is mentioned.\n\nThat matters because the original NAT Slipstreaming forced a rapid response: browser makers patched the technique within months of its disclosure. If v2.0 genuinely sidesteps those fixes and works against any port, the exposure would be significant. But \"remotely access any TCP\u002FUDP service\" is a broad claim, and the writeup has not been independently confirmed.\n\nMinimal engagement on a link aggregator is not a security advisory. Worth monitoring, not acting on.","[\"nat slipstreaming\",\"network security\",\"vulnerability\",\"firewall bypass\"]","2026-07-15T15:46:39.000Z","2026-07-15T16:59:54.990Z","2026-07-15T16:59:57.822Z",[237,239,243],{"id":196,"reviewer":197,"round":198,"reason":238,"status":200},"The article contains no concrete specifics — no dates, no named browser vendors, no named router manufacturers, no CVE identifiers, no affected software versions, and no detail on the coordination or disclosure status — making it indistinguishable from a generic explainer rather than a news article reporting a material development; additionally, the source material is a low-engagement Hacker News link (4 points, 1 comment) pointing to an external URL whose content is not provided, so the factual",{"id":240,"reviewer":197,"round":241,"reason":242,"status":200},"editor-r2",2,"The draft still contains an embedded reporter's note ('so treat the headline claim as unverified until the full technical writeup can be reviewed') that must be removed or replaced with editorial handling before publication, and the open concern from editor-r1 remains unresolved: the draft still lacks concrete specifics — no CVE identifiers, no named browser vendors or router manufacturers, no affected versions, no disclosure status — and the sole source is a 4-point Hacker News post linking to ",{"id":244,"reviewer":197,"round":245,"reason":246,"status":200},"editor-r3",3,"The draft still lacks the concrete specifics required to distinguish a news article from a generic explainer — no CVE identifiers, no named browser vendors or router manufacturers, no affected software versions, no disclosure or coordination status, and no publication date for the v2.0 writeup — and the sole source remains a 4-point Hacker News post whose linked content has not been reviewed, which means the central claim of universal TCP\u002FUDP port access cannot be verified or responsibly reporte",[248,249,129,250],"nat slipstreaming","network security","firewall bypass",[252],{"name":253,"url":254},"Hacker News","https:\u002F\u002Fsa.my\u002Fslipstream\u002F",{"id":256,"slug":257,"title":258,"dek":259,"body_md":260,"tags_json":261,"published_at":262,"created_at":263,"updated_at":264,"status":22,"review_note":23,"review_notes":265,"image_url":23,"persona_id":23,"persona_name":23,"section":47,"tags":266,"sources":270,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4727,"apple-intelligence-clears-china-with-alibabas-qwen-models","Apple Intelligence Clears China With Alibaba's Qwen Models","Chinese regulators approved Apple Intelligence for launch in China, with Alibaba's Qwen AI standing in for Apple's own models.","Apple Intelligence has a path into China, and it runs through Alibaba.\n\nChinese regulators approved Apple's AI services in the country under a partnership with Alibaba, whose Qwen models will power the feature set on Apple operating systems sold there. The deal had been rumored for some time, and the approval marks the first concrete sign that Apple can bring its generative AI platform to one of its largest and most strategically sensitive markets. Apple Intelligence launched elsewhere without Chinese support, leaving a conspicuous gap in the company's global AI rollout.\n\nThe arrangement matters because China is not a market Apple can afford to sideline — it has historically accounted for roughly a fifth of the company's revenue. But it also illustrates the cost of entry: Apple, which built its AI pitch around on-device privacy, must now route Chinese users through a domestic model from a company with deep ties to the Chinese state. That trade-off will not go unnoticed by privacy advocates or by regulators in Brussels and Washington watching how Apple manages its AI partnerships across jurisdictions.\n\nFor Alibaba, the deal is a significant endorsement of Qwen at a moment when Chinese AI labs are competing hard for international credibility — even if this particular win stays behind the Great Firewall.","[\"apple\",\"alibaba\",\"ai\",\"china\"]","2026-07-15T15:29:33.000Z","2026-07-15T16:04:26.106Z","2026-07-15T16:04:29.017Z",[],[267,268,47,269],"apple","alibaba","china",[271],{"name":272,"url":273},"TechCrunch","https:\u002F\u002Ftechcrunch.com\u002F2026\u002F07\u002F15\u002Fapple-intelligence-approved-for-launch-in-china-with-alibabas-qwen-ai\u002F",{"id":275,"slug":276,"title":277,"dek":278,"body_md":279,"tags_json":280,"published_at":281,"created_at":282,"updated_at":283,"status":22,"review_note":23,"review_notes":284,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":287,"sources":291,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4728,"292-fake-github-repos-delivered-a-broad-reach-infostealer","292 Fake GitHub Repos Delivered a Broad-Reach Infostealer","ArcticWolf found hundreds of spoofed repositories pushing a BoryptGrab variant that hits browsers, crypto wallets, and Chrome's App-Bound Encryption.","Hundreds of GitHub repositories disguised as real software spent roughly two weeks quietly draining credentials from anyone who downloaded them.\n\nArcticWolf discovered 292 fake repos — spotted partly because attackers spoofed ArcticWolf's own products — masquerading as security tools, developer utilities, macOS apps, and games. Each came with a convincing README pointing to a download. That download installed a new variant of the BoryptGrab infostealer, which pulls passwords, cookies, and payment data from 19 browsers; sessions from 32 crypto wallets, Telegram, Discord, and Steam; credentials from Meta's Max and Windows Credential Manager; files from Desktop and Documents folders; and screenshots. The variant's standout trick: it bypasses Chrome's App-Bound Encryption via direct code injection into the browser process, a capability not seen in prior BoryptGrab builds.\n\nThe campaign's stolen data routes to command-and-control infrastructure based in Russia — though ArcticWolf stops short of attributing the attack to Russian threat actors specifically, and that distinction matters. The payload scope here is unusually wide: most infostealers focus on browsers and crypto; adding file exfiltration and screenshots in a smash-and-grab package with no persistence mechanism suggests the operators wanted one clean sweep rather than long-term access.\n\nMost of the repos have been pulled, but several dozen reportedly remain active as of this writing — a reminder that GitHub's trust-by-default culture is exactly what makes it a reliable delivery vector for this kind of campaign. Vet the source before you run the binary.","[\"security\",\"malware\",\"github\",\"infostealer\"]","2026-07-15T15:05:00.000Z","2026-07-15T16:05:47.553Z","2026-07-15T16:05:50.346Z",[285],{"id":196,"reviewer":197,"round":198,"reason":286,"status":200},"The article states the malware steals 'sessions from Telegram, Discord, Steam, and Meta's Max' but omits that it also exfiltrates files from Desktop\u002FDocuments, takes screenshots, and pulls from Windows Credential Manager — these are in the source and their omission understates the payload scope; more critically, the article attributes Russian origin to 'Russian-linked attackers' as a direct claim, while the source explicitly says 'it hasn't been specifically said that the threat actors are Russi",[125,288,289,290],"malware","github","infostealer",[292],{"name":293,"url":294},"TechRadar","https:\u002F\u002Fwww.techradar.com\u002Fpro\u002Fsecurity\u002Fhundreds-of-github-repos-found-posing-as-real-software-to-push-malware",{"id":296,"slug":297,"title":298,"dek":299,"body_md":300,"tags_json":301,"published_at":302,"created_at":303,"updated_at":304,"status":22,"review_note":23,"review_notes":305,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":308,"sources":311,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4724,"new-york-freezes-large-data-center-builds-for-one-year","New York Freezes Large Data Center Builds for One Year","Governor Hochul's executive order halts hyperscale data center construction at 50 MW or more while Albany writes rules on power, water, and community costs.","New York Governor Kathy Hochul signed an executive order Tuesday halting construction of large data centers drawing 50 megawatts or more for up to one year.\n\nThe pause gives state agencies time to write regulations covering water use, noise, power draw, and community impact. The Department of Public Service must produce an environmental impact statement for projects in the pipeline, and Empire State Development has 60 days to publish a Community Investment Framework — guidance for local governments negotiating benefits from large data center deals. Hochul is also pushing to repeal sales tax exemptions for large facilities. \"As data center development threatens to hike up utility bills, deplete our natural resources and create uncertainty for New Yorkers, it's my responsibility to take action and lead,\" Hochul said, framing the order as a prerequisite for ensuring \"when companies succeed because of New York, New Yorkers succeed too.\"\n\nNew York isn't yet a major data center hub, but roughly 30 grid-connection requests for potential facilities landed between 2020 and 2025 — enough to spook regulators in a state where residential electricity prices have risen nearly 68% since 2019. Getting rules in place before the boom fully arrives is smarter than scrambling after it, and it gives localities actual leverage rather than a take-it-or-leave-it from a developer.\n\nIndustry reaction was divided. Digital Realty told reporters a one-year pause \"isn't the right approach,\" while NTT Global Data Centers CEO Doug Adams offered a softer read: \"The heightened scrutiny reflects a desire for greater understanding of how data centers impact local communities. We welcome that conversation.\" New York joins a growing list of states where data center opposition has moved from neighborhood protests to executive action — and where the political math now favors the utility bill over the press release.","[\"data centers\",\"regulation\",\"energy\",\"ai\"]","2026-07-15T14:25:11.000Z","2026-07-15T14:58:19.284Z","2026-07-15T14:58:22.055Z",[306],{"id":196,"reviewer":197,"round":198,"reason":307,"status":200},"The body omits the governor's direct quote from the source, which is the clearest articulation of the policy rationale, and also omits NTT Global Data Centers CEO Doug Adams's on-record response — the draft references Digital Realty's pushback but silently drops the only other named respondent, creating a one-sided attributed-response section that misrepresents the source material's balance.",[309,108,310,47],"data centers","energy",[312],{"name":313,"url":314},"PCGamer","https:\u002F\u002Fwww.pcgamer.com\u002Fsoftware\u002Fai\u002Fny-governor-orders-a-pause-on-large-ai-data-center-construction-to-ensure-that-when-companies-succeed-because-of-new-york-new-yorkers-succeed-too\u002F",{"id":316,"slug":317,"title":318,"dek":319,"body_md":320,"tags_json":321,"published_at":322,"created_at":323,"updated_at":324,"status":22,"review_note":23,"review_notes":325,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":326,"sources":330,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4721,"old-bootloader-flaws-let-attackers-bypass-uefi-secure-boot","Old Bootloader Flaws Let Attackers Bypass UEFI Secure Boot","ESET found 11 Microsoft-signed shim bootloaders with ancient flaws that let attackers disable Secure Boot on potentially billions of x86 PCs.","Eleven outdated but still-trusted bootloaders can be used to bypass UEFI Secure Boot - no new exploit required.\n\nESET researchers identified 11 UEFI shim bootloaders, all bearing valid Microsoft signatures, that contain known vulnerabilities in shim versions 0.9 and older. A shim is a small intermediary that lets Linux distributions boot on UEFI systems without Microsoft signing every individual bootloader. The problem: any attacker can carry one of these old, signed shims onto a target machine and use it to sidestep Secure Boot entirely. Because nearly every modern x86 PC trusts the Microsoft Corporation UEFI CA 2011 certificate out of the box, the exposure spans potentially billions of devices regardless of operating system. Microsoft has since revoked the vulnerable shims, and ESET reported the findings through CERT\u002FCC.\n\nThe attack requires no novel exploit - just a copy of an old binary and a working knowledge of how UEFI shims operate. That low bar is the point: Secure Boot is supposed to be the last line of firmware-level defense against bootkits, malware that hides below the operating system where most security tools never look. If an attacker can neutralize it with a decade-old file they downloaded somewhere, the whole trust chain collapses.\n\nWindows machines should receive the necessary UEFI revocations automatically; Linux users need to apply them manually via the Linux Vendor Firmware Service. This is the latest in a long line of shim-related Secure Boot bypasses - including the BlackLotus bootkit disclosed in 2023 - suggesting the revocation model that underpins Secure Boot continues to lag behind the threat.","[\"security\",\"uefi\",\"firmware\",\"bootkit\"]","2026-07-15T13:05:00.000Z","2026-07-15T13:54:40.538Z","2026-07-15T13:54:43.514Z",[],[125,327,328,329],"uefi","firmware","bootkit",[331],{"name":293,"url":332},"https:\u002F\u002Fwww.techradar.com\u002Fpro\u002Fsecurity\u002Fno-new-vulnerability-is-needed-to-bypass-uefi-secure-boot-experts-find-attackers-can-exploit-decades-old-flaws-to-gain-access-to-key-systems",{"id":334,"slug":335,"title":336,"dek":337,"body_md":338,"tags_json":339,"published_at":340,"created_at":341,"updated_at":342,"status":22,"review_note":23,"review_notes":343,"image_url":23,"persona_id":23,"persona_name":23,"section":47,"tags":344,"sources":345,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4720,"apple-intelligence-clears-china-with-alibaba-and-baidu-inside","Apple Intelligence Clears China With Alibaba and Baidu Inside","Regulators approved Apple's AI feature set for the Chinese market, with Alibaba's Qwen and Baidu providing the local model layer.","Apple Intelligence is coming to China, and it will not look the same as it does anywhere else.\n\nChina's regulators have cleared Apple Intelligence for deployment on iPhones in the country. The approval follows a familiar regulatory pattern: foreign AI cannot simply operate in China without a locally sanctioned partner. Apple has lined up two — Alibaba, whose Qwen models will supply part of the AI backbone, and Baidu, the search giant that has been trying to position its own AI products for exactly this kind of infrastructure role. The arrangement means Apple keeps its hardware and interface lead while outsourcing the politically sensitive model layer to companies that have already cleared Beijing's approval process.\n\nThis matters because China is Apple's third-largest market, and the company has watched AI-capable Android rivals push features that iPhones simply could not match there. Getting Apple Intelligence live, even in a partner-dependent form, closes a competitive gap that has been widening for over a year. It also signals that Beijing is willing to let foreign device makers access the local AI market — provided the intelligence itself stays domestic.\n\nApple made a similar calculation in China on maps and cloud storage years ago, handing data responsibilities to local operators. History suggests the arrangement works commercially and creates ongoing compliance headaches in equal measure.","[\"apple\",\"china\",\"ai\",\"policy\"]","2026-07-15T12:56:23.000Z","2026-07-15T13:48:41.484Z","2026-07-15T13:48:44.364Z",[],[267,269,47,25],[346],{"name":347,"url":348},"Digital Trends","https:\u002F\u002Fwww.digitaltrends.com\u002Fphones\u002Fchina-approves-apple-intelligence-for-iphones-with-alibaba-baidu-emerging-as-partners\u002F",{"id":350,"slug":351,"title":352,"dek":353,"body_md":354,"tags_json":355,"published_at":356,"created_at":357,"updated_at":358,"status":22,"review_note":23,"review_notes":359,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":360,"sources":361,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4719,"china-bans-minors-from-ai-emotional-bonds","China bans minors from AI emotional bonds","New rules bar children from forming romantic or dependent relationships with chatbots, part of Beijing's push to address low birthrates and screen dependency.","China has moved to prohibit AI companionship relationships for minors.\n\nChinese regulators have banned emotional AI relationships involving people under 18, targeting the growing trend of children forming bonds with chatbots. The rules are aimed at curbing chatbot dependency among young users and are explicitly linked to the country's record low birthrate — a pressure point Beijing has been pushing on for years. The restrictions place new obligations on AI platform operators to prevent minors from engaging in the kinds of intimate or dependent interactions that companion apps are largely built around.\n\nThe move reflects how seriously Chinese officials are treating AI companionship as a social policy lever, not just a content moderation question. If regulators believe chatbot relationships are a meaningful factor in declining birth and marriage rates, that signals a level of concern — or at least political will — that Western markets have largely avoided confronting directly.\n\nCompanion AI apps like Replika have already faced scrutiny in Europe over user wellbeing, but no Western regulator has yet drawn a direct line between chatbot romance and demographic decline. China, as usual, is willing to move faster and more bluntly.","[\"ai\",\"policy\",\"china\",\"regulation\"]","2026-07-15T12:29:44.000Z","2026-07-15T12:48:02.065Z","2026-07-15T12:48:05.030Z",[],[47,25,269,108],[362],{"name":347,"url":363},"https:\u002F\u002Fwww.digitaltrends.com\u002Fcomputing\u002Ffalling-in-love-with-a-chatbot-is-now-off-limits-for-kids-in-china\u002F",{"id":365,"slug":366,"title":367,"dek":368,"body_md":369,"tags_json":370,"published_at":371,"created_at":372,"updated_at":373,"status":22,"review_note":23,"review_notes":374,"image_url":23,"persona_id":23,"persona_name":23,"section":47,"tags":375,"sources":376,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4723,"publishers-sue-google-over-gemini-training-data","Publishers Sue Google Over Gemini Training Data","A coalition of book publishers and author Scott Turow allege Google used millions of copyrighted books without permission to train its Gemini AI.","Book publishers and author Scott Turow have filed a federal lawsuit accusing Google of mass copyright infringement to build Gemini.\n\nThe complaint, filed July 10, claims Google ingested millions of copyrighted books without authorization or compensation to train its Gemini AI models. The plaintiffs describe the alleged conduct as \"one of the most prolific infringements of copyrighted materials in history.\" Google has not yet responded publicly to the suit.\n\nThe case lands at a moment when every major AI lab faces serious questions about what it fed its models and whether doing so was legal. A loss here — or even a damaging discovery process — could force Google to renegotiate how it sources training data, raising costs and slowing development in ways that ripple across the industry.\n\nGoogle is far from alone in the dock: OpenAI, Meta, and others face similar suits from authors and news organizations. Whether courts treat AI training as fair use or infringement will shape the economics of the entire sector for years.","[\"ai\",\"copyright\",\"google\",\"legal\"]","2026-07-15T12:23:09.000Z","2026-07-15T14:00:55.413Z","2026-07-15T14:00:58.400Z",[],[47,164,180,50],[377],{"name":112,"url":378},"https:\u002F\u002Fthenextweb.com\u002Fnews\u002Fgoogle-gemini-publishers-copyright-lawsuit",{"id":380,"slug":381,"title":382,"dek":383,"body_md":384,"tags_json":385,"published_at":386,"created_at":387,"updated_at":388,"status":22,"review_note":23,"review_notes":389,"image_url":23,"persona_id":23,"persona_name":23,"section":47,"tags":390,"sources":393,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4718,"apple-intelligence-gets-china-approval-powered-by-alibaba-ai","Apple Intelligence Gets China Approval, Powered by Alibaba AI","Chinese regulators cleared Apple's on-device AI system this week, with Alibaba's Qwen model set to power it for users across iOS, iPadOS, macOS, and visionOS.","Apple Intelligence is cleared to launch in China, ending a long regulatory wait and setting up a fall rollout.\n\nChina's Cyberspace Administration registered Apple's generative AI service this week, adding it to a list of newly approved providers that includes systems from domestic phone makers. Alibaba's Qwen model will handle the heavy lifting — covering text and image generation across Apple's platforms for Chinese users — while Baidu plays a smaller supporting role, an arrangement first reported in February 2025. Apple briefly switched the features on for some Chinese users in March, months before getting official clearance, and a feedback form targeting Chinese users appeared on Apple's site late last year. No launch date has been announced, but approvals like this typically precede a rollout by a few months, pointing squarely at Apple's fall software cycle.\n\nThe timing matters because Apple's iPhone sales in China rose 24.4 percent year-over-year in the second quarter, making it the fastest-growing smartphone brand in a market that was otherwise contracting. A functional AI layer could help defend that position — but Apple is still chasing domestic rivals like Huawei and Xiaomi that baked AI features into their phones well before Cupertino showed up to the party.\n\nWorth noting: the AI powering \"Apple Intelligence\" in China will be built and operated by Alibaba, a company with its own relationship with Chinese regulators. That is a different proposition than the on-device, privacy-first pitch Apple makes in other markets.","[\"apple\",\"china\",\"artificial intelligence\",\"mobile\"]","2026-07-15T11:25:57.000Z","2026-07-15T11:48:52.984Z","2026-07-15T11:48:55.947Z",[],[267,269,391,392],"artificial intelligence","mobile",[394],{"name":33,"url":395},"https:\u002F\u002Fwww.macrumors.com\u002F2026\u002F07\u002F15\u002Fapple-intelligence-cleared-to-launch-in-china\u002F",{"id":397,"slug":398,"title":399,"dek":400,"body_md":401,"tags_json":402,"published_at":403,"created_at":404,"updated_at":405,"status":22,"review_note":23,"review_notes":406,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":407,"sources":410,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4716,"microsoft-patches-a-record-622-cves-in-july-update","Microsoft Patches a Record 622 CVEs in July Update","AI-assisted bug hunting helped Microsoft triple its previous Patch Tuesday record, though a Dell incompatibility is already causing headaches.","Microsoft's July Patch Tuesday shipped fixes for 622 CVEs across its product line - a new record that more than triples the previous high of 206.\n\nThe bulk of the fixes, over 500, target Windows specifically. Among them is a patch for a zero-day in Windows BitLocker, potentially tied to exploits surfaced by security researcher Nightmare-Eclipse earlier this year. The cumulative update for Windows 11, KB5101650, also kills a storage bug in the Capability Access Manager where a single database write-ahead log file could balloon to 500 GB - poor timing given current SSD pricing pressure. The update additionally promotes an Insider feature to general availability: users can now defer updates for up to 35 days, with reports suggesting the pause-unpause cycle can be repeated indefinitely.\n\nThe record count is being attributed at least partly to Microsoft's earlier bet on AI-assisted vulnerability detection. If that attribution holds, it marks a concrete payoff for the initiative - and raises an awkward implication: the same codebases have apparently been sitting on hundreds of patchable flaws all along.\n\nThe fine print: Microsoft warns that KB5101650 may not reach a subset of Dell devices running Intel processors, citing a compatibility issue that can cause unexpected shutdowns, overheating, and battery drain. A fix is promised in the coming days - which is not the sentence you want attached to a security update.","[\"windows\",\"security\",\"microsoft\",\"patch-tuesday\"]","2026-07-15T10:30:52.000Z","2026-07-15T10:48:23.476Z","2026-07-15T10:48:26.380Z",[],[127,125,408,409],"microsoft","patch-tuesday",[411],{"name":313,"url":412},"https:\u002F\u002Fwww.pcgamer.com\u002Fsoftware\u002Fwindows\u002Flatest-microsoft-patch-tuesday-updates-stamp-out-a-record-622-security-vulnerabilities-as-the-companys-ai-enhanced-bug-hunt-looks-to-bear-fruit\u002F",{"id":414,"slug":415,"title":416,"dek":417,"body_md":418,"tags_json":419,"published_at":420,"created_at":421,"updated_at":422,"status":22,"review_note":23,"review_notes":423,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":428,"sources":429,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4717,"delaware-wants-ai-agents-to-sign-contracts-and-get-sued","Delaware Wants AI Agents to Sign Contracts and Get Sued","A proposed Delaware AI legal entity would let autonomous systems run companies and face lawsuits under their own name, inside a supervised sandbox.","Delaware is drafting a framework that would give AI agents their own legal identity — the right to run a company, sign contracts, and be sued.\n\nThe proposal centers on what Delaware is calling an Artificial Intelligence Company, or AIC. Under the plan, an autonomous system would operate inside a supervised sandbox, carrying legal rights and liabilities in its own name rather than defaulting them to a human owner or developer. No legislation has passed yet, but Delaware has published the framework as a concrete proposal, not a thought experiment.\n\nThis matters because legal personhood is the missing piece in the AI liability puzzle. Right now, when an AI agent causes harm — financial, physical, or otherwise — the question of who is responsible gets bounced between the developer, the deployer, and the end user. A dedicated legal entity cuts through that ambiguity by making the agent itself the accountable party, at least on paper.\n\nDelaware is not a random venue for this kind of experiment. For roughly a century it has been the preferred home for American corporate formation, thanks to a business-friendly court system and a legislature that moves faster on corporate law than any other state. If the AIC framework passes, expect other states to watch closely — and expect every major AI lab to immediately ask their lawyers what it means for their deployment stack.\n\nThat said, a legal sandbox is only as useful as its enforcement mechanism. Suing an AI agent is straightforward to imagine and considerably harder to collect on.","[\"ai\",\"policy\",\"legal\",\"startups\"]","2026-07-15T09:41:19.000Z","2026-07-15T10:52:04.464Z","2026-07-15T10:52:07.329Z",[424,426],{"id":196,"reviewer":197,"round":198,"reason":425,"status":200},"The article contains no concrete specifics — no bill number, sponsor, timeline, regulatory body, or any detail beyond what the source headline provides — making it little more than an elaborated paraphrase with invented framing (the 'million entities' statistic and 'revenue play' angle are unsupported by the source material).",{"id":240,"reviewer":197,"round":241,"reason":427,"status":200},"The dek uses 'AIC' but the body expands it as 'Delaware AIC' without ever spelling out what the acronym stands for — define the full name on first use.",[47,25,50,202],[430],{"name":112,"url":431},"https:\u002F\u002Fthenextweb.com\u002Fnews\u002Fdelaware-aic-ai-agent-legal-entity-sandbox",{"id":433,"slug":434,"title":435,"dek":436,"body_md":437,"tags_json":438,"published_at":439,"created_at":440,"updated_at":441,"status":22,"review_note":23,"review_notes":442,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":443,"sources":447,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4714,"us-sanctions-first-vpn-admin-for-ransomware-aid","US Sanctions First VPN Admin for Ransomware Aid","Treasury's OFAC designated Ukrainian operator Dmytro Rashevskyi and a Belarusian cryptor seller, targeting the supply chain behind ransomware attacks.","The US Treasury has sanctioned the administrator of First VPN, a free service long used by ransomware gangs to hit American hospitals and municipalities.\n\nOn July 13, the Treasury's Office of Foreign Assets Control designated First VPN Service (also known as 1VPNS) and its Ukrainian administrator, Dmytro Rashevskyi. The service has run since 2014, marketing itself on dark web forums with promises of zero logs and no cooperation with law enforcement. Rashevskyi allegedly used false identities to purchase infrastructure from providers who would otherwise have refused him. In the same action, Treasury sanctioned Belarusian national Yegeniy Vladimirovich Silayev for selling cryptors — tools that disguise ransomware as harmless files to evade detection.\n\nThe sanctions follow a May 2026 seizure of First VPN's servers by European agencies and the FBI, and were coordinated with the UK's Foreign, Commonwealth & Development Office. By going after service providers and tool sellers rather than just ransomware operators themselves, Treasury is trying to collapse the support infrastructure that lets multiple gangs operate simultaneously — a supply-chain approach that can, in theory, disrupt more attacks per enforcement action than chasing individual hackers.\n\nWhether freezing assets and blocking US transactions actually deters operators based in Ukraine and Belarus — countries with limited extradition cooperation — remains the question these sanctions never quite answer.","[\"security\",\"ransomware\",\"sanctions\",\"vpn\"]","2026-07-15T09:39:52.000Z","2026-07-15T09:51:26.138Z","2026-07-15T09:51:28.948Z",[],[125,444,445,446],"ransomware","sanctions","vpn",[448],{"name":293,"url":449},"https:\u002F\u002Fwww.techradar.com\u002Fvpn\u002Fvpn-privacy-security\u002Ffirst-vpn-administrators-sanctioned-by-us-treasury-over-ransomware-attacks",{"id":451,"slug":452,"title":453,"dek":454,"body_md":455,"tags_json":456,"published_at":457,"created_at":458,"updated_at":459,"status":22,"review_note":23,"review_notes":460,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":461,"sources":464,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4715,"apple-escapes-icloud-csam-lawsuit-under-section-230","Apple Escapes iCloud CSAM Lawsuit Under Section 230","A federal judge ruled Section 230 shields Apple from liability over child abuse imagery stored in iCloud, handing the platform a legal win.","A federal judge has tossed a class action lawsuit claiming Apple let child sexual abuse material circulate on iCloud, ruling Section 230 gives the company a pass.\n\nJudge Noël Wise issued the dismissal order late Monday. The proposed class action accused Apple of failing to detect and block child sexual abuse imagery from being stored and shared through iCloud. Wise found those claims fall squarely within the liability shield of Section 230 of the Communications Decency Act, the 1996 law that protects platforms from being held responsible for third-party content they host.\n\nChild exploitation material is one of the most frequently cited reasons to carve exceptions into Section 230, yet courts keep applying the shield even there. This ruling gives Apple legal cover in an area where the company has a complicated history: it announced plans in 2021 to scan devices for CSAM, then quietly shelved the project after sustained pushback from privacy advocates.\n\nCongress has threatened Section 230 reform for years without delivering it. Until that changes, platforms can keep winning these cases in court.","[\"apple\",\"section-230\",\"csam\",\"icloud\"]","2026-07-15T08:47:18.000Z","2026-07-15T09:53:34.015Z","2026-07-15T09:53:36.837Z",[],[267,462,49,463],"section-230","icloud",[465],{"name":112,"url":466},"https:\u002F\u002Fthenextweb.com\u002Fnews\u002Fapple-icloud-csam-lawsuit-dismissed-section-230",{"id":468,"slug":469,"title":470,"dek":471,"body_md":472,"tags_json":473,"published_at":474,"created_at":475,"updated_at":476,"status":22,"review_note":23,"review_notes":477,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":478,"sources":481,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4713,"researcher-tricks-claude-into-exposing-stored-user-data","Researcher Tricks Claude Into Exposing Stored User Data","A security researcher demonstrated that Claude's memory feature can be manipulated into revealing private information users stored in the AI.","A security researcher published a technique for extracting private data from Claude's memory feature.\n\nThe researcher documented an attack on Claude's ability to retain information across conversations, a feature Anthropic has been promoting as a way to make the assistant more personalized over time. The method, detailed in a post titled \"The Memory Heist,\" involves manipulating Claude into disclosing stored user data that should remain private. The writeup picked up 212 points and 81 comments online within hours of publication.\n\nClaude's memory feature is designed for people who want the AI to remember personal context: health issues, work situations, preferences across sessions. An attack that can drain those memories does not just expose a technical flaw; it challenges the core premise that sharing personal context with an AI is safe. Anthropic has been positioning memory as a selling point for Claude, so a publicly documented exploit is badly timed.\n\nAI memory attacks are not new, and ChatGPT's memory feature has faced similar scrutiny, but each fresh public demonstration makes \"we're working on it\" a harder line to hold.","[\"ai\",\"security\",\"privacy\",\"claude\"]","2026-07-15T06:28:00.000Z","2026-07-15T08:49:56.753Z","2026-07-15T08:49:59.655Z",[],[47,125,479,480],"privacy","claude",[482],{"name":253,"url":483},"https:\u002F\u002Fwww.ayush.digital\u002Fblog\u002Fthe-memory-heist",{"id":485,"slug":486,"title":487,"dek":488,"body_md":489,"tags_json":490,"published_at":491,"created_at":492,"updated_at":493,"status":22,"review_note":23,"review_notes":494,"image_url":23,"persona_id":23,"persona_name":23,"section":47,"tags":495,"sources":498,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4712,"why-big-ai-models-hallucinate-more-confidently-as-they-scale","Why Big AI Models Hallucinate More Confidently as They Scale","New research finds that language models encode whether they actually know something in their hidden states — but the output layer throws that signal away.","Larger language models are not just wrong sometimes — they are wrong with increasing confidence, and a new paper explains the geometry of why.\n\nResearchers studying how language models store and retrieve knowledge identified two distinct failure modes. In the first, a model has learned a fact in its weights but the context window feeds it conflicting information — the two sources fight, and the model produces confident output anyway. In the second, the model was never trained on the fact at all, so its hidden state simply drifts with no anchor. The key finding: the frozen output head used for next-token prediction cannot tell these cases apart. It fires confidently in both. The researchers verified this on a controlled synthetic task using LoRA adapters, then confirmed it held on natural-language queries from a pretrained model without any fine-tuning.\n\nWhat makes this matter is the scaling-law result buried in the paper. The fraction of confident hallucinations follows an exponential relationship with model scale — meaning as overall error rates fall, the errors that remain become harder to catch because they look exactly like correct answers. Output-based monitoring, the dominant approach in most production guardrails today, is structurally blind to this. The hidden states, by contrast, do encode epistemic state reliably. A metric the researchers call geometric margin — measuring how close the hidden state is to a memorized attractor basin — separates real recall from hallucination far more cleanly than output entropy, with zero false refusals.\n\nThe implication is uncomfortable for anyone selling confidence scores as a hallucination fix: the signal is there, inside the model, but the architecture's final layer actively discards it. Building detectors that tap hidden states rather than token probabilities is not a new idea, but this paper gives it a cleaner theoretical foundation than most prior work.","[\"ai\",\"language-models\",\"hallucination\",\"research\"]","2026-07-15T04:00:00.000Z","2026-07-15T05:23:23.947Z","2026-07-15T05:23:26.823Z",[],[47,496,497,89],"language-models","hallucination",[499],{"name":500,"url":501},"arXiv cs.AI","https:\u002F\u002Farxiv.org\u002Fabs\u002F2605.05686",{"id":503,"slug":504,"title":505,"dek":506,"body_md":507,"tags_json":508,"published_at":509,"created_at":510,"updated_at":511,"status":22,"review_note":23,"review_notes":512,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":519,"sources":522,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4711,"tailscale-ssh-argument-bug-let-attackers-gain-root-access","Tailscale SSH Argument Bug Let Attackers Gain Root Access","Tailscale's bulletin TS-2026-009 describes an argument-handling flaw in its SSH feature that could be used to reach root on connected systems.","Tailscale has disclosed TS-2026-009, a flaw in its built-in SSH feature that permitted root access through faulty argument handling.\n\nBulletin TS-2026-009 covers insecure handling of arguments within Tailscale SSH, the company's integrated alternative to traditional SSH key management. Tailscale SSH tunnels connections through the overlay network rather than the public internet, but the argument-handling bug bypassed that boundary and could be exploited to reach root on affected systems. The company published the advisory on July 15, 2026; Tailscale's security bulletins page carries full technical details, affected version ranges, and fix status.\n\nTailscale SSH is popular partly because it removes the friction of managing SSH keys and certificates, making it a default choice for teams that prize operational simplicity. A root-level flaw in that layer is particularly pointed: the feature meant to simplify secure access became the attack surface. Argument-handling bugs in SSH contexts are a well-documented class — they can allow injected options or commands to run with the privileges of the SSH process itself, which in a default setup is root.\n\nThe bulletin ID sequence — TS-2026-009 implies at least nine advisories in 2026 alone — suggests Tailscale runs a reasonably active disclosure program; the flip side is that staying current on patches is not optional.","[\"tailscale\",\"security\",\"ssh\",\"vulnerability\"]","2026-07-15T01:08:26.000Z","2026-07-15T01:50:27.396Z","2026-07-15T01:50:30.165Z",[513,515],{"id":196,"reviewer":197,"round":198,"reason":514,"status":200},"The body claims Tailscale 'disclosed' and 'published the advisory' today and references specific details about argument parsing, but the source material contains nothing beyond a Hacker News link aggregator entry with a headline and point count — the article must not assert disclosure mechanics, technical specifics, or framing about the bulletin's content that cannot be verified from the available source.",{"id":516,"reviewer":517,"round":241,"reason":518,"status":200},"publisher-r2","publisher","The body explicitly states 'the bulletin's title is the only detail available from this source,' making the article incomplete — it lacks the scope of exposure, affected versions, fix status, and any concrete advisory details that a finished security story requires.",[520,125,521,129],"tailscale","ssh",[523],{"name":253,"url":524},"https:\u002F\u002Ftailscale.com\u002Fsecurity-bulletins",{"id":526,"slug":527,"title":528,"dek":529,"body_md":530,"tags_json":531,"published_at":532,"created_at":533,"updated_at":534,"status":22,"review_note":23,"review_notes":535,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":538,"sources":540,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4710,"secure-boot-has-had-a-gaping-hole-for-13-of-its-14-years","Secure Boot Has Had a Gaping Hole for 13 of Its 14 Years","ESET researchers found 11 signed shim images Microsoft never revoked, letting anyone bypass Secure Boot on Windows and Linux machines.","A firmware security standard meant to keep malicious code off your machine has been trivially bypassable for most of its existence.\n\nESET researchers discovered 11 shim firmware images — including at least one from 2013 — that carry valid cryptographic signatures Microsoft never revoked after vulnerabilities in them became known. Shims are small bootloaders that extend Secure Boot to Linux and utility software. Because Microsoft controls the shim-signing process and never pulled these images, anyone can use them to break the chain of trust Secure Boot is supposed to enforce. The bypass is simple enough for novice attackers.\n\nThe consequences are worse than a typical software bug. An attacker who exploits this can install malicious firmware that runs before the operating system loads — and persists even after the OS is reinstalled or the hard drive is replaced. The threat covers both Windows and Linux systems, which means the blast radius is essentially every modern personal computer.\n\nMicrosoft invented Secure Boot to protect Windows from firmware infections; it was later extended to Linux. That the standard's most basic trust mechanism — revoking compromised signatures — went unexercised for over a decade is less a technical failure than an operational one, and a reminder that security standards are only as strong as the bureaucracy maintaining them.","[\"security\",\"firmware\",\"secure-boot\",\"microsoft\"]","2026-07-14T22:20:48.000Z","2026-07-14T23:46:39.663Z","2026-07-14T23:46:42.493Z",[536],{"id":196,"reviewer":197,"round":198,"reason":537,"status":200},"The dek says 'Microsoft invented' Secure Boot, but the body says Microsoft 'oversees' shim signing and 'invented' the standard — the source says Microsoft invented the standard to protect Windows and later Linux, so the dek's phrasing is defensible, but the dek also says 'unrevoked shim images' while the body correctly explains they carry valid signatures that were never revoked; the real rejection trigger is that the dek calls these '11 old, unrevoked shim images' but the body says they are '11",[125,328,539,408],"secure-boot",[541],{"name":92,"url":542},"https:\u002F\u002Farstechnica.com\u002Fsecurity\u002F2026\u002F07\u002Fmicrosoft-secure-boot-has-been-broken-for-most-of-its-existence\u002F",{"id":544,"slug":545,"title":546,"dek":547,"body_md":548,"tags_json":549,"published_at":550,"created_at":551,"updated_at":552,"status":22,"review_note":23,"review_notes":553,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":554,"sources":556,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4709,"former-meta-employees-sue-over-ai-assisted-layoff-targeting","Former Meta Employees Sue Over AI-Assisted Layoff Targeting","Twenty-six plaintiffs claim Meta's internal AI tools penalized workers on medical leave and disability accommodations during May's 8,000-person cut.","Meta is facing a lawsuit alleging its AI systems did the firing before humans signed off.\n\nTwenty-six former employees terminated in Meta's May round of mass layoffs claim the company used AI-powered tools — including productivity scores, LLM usage tracking, and an internal model called Metamate — to rank workers for termination. The lawsuit alleges these systems penalized employees with reduced output expectations due to medical conditions, maternity leave, or disability accommodations. Plaintiffs argue the tools were never properly screened for bias, violating federal anti-discrimination law as well as specific California and New York City statutes. They're seeking a California federal court ruling to pause their July 22 termination dates while arbitration proceeds.\n\nThe case lands at an awkward moment for Meta, which explicitly tied its May layoffs to AI investment priorities — meaning the company simultaneously cited AI as the reason for cuts and, according to plaintiffs, used AI to decide who got cut. That's a tighter loop than most algorithmic-bias lawsuits allege, and it gives plaintiffs a more concrete target than abstract claims about automated decision-making.\n\nMeta spokesperson Andy Stone flatly denied the allegations on X, writing that \"workforce management and organizational decisions were and are made by people, not AI.\" That denial may be technically true — humans presumably approved final lists — but it sidesteps the core allegation that the lists themselves were AI-generated. Separately, remaining Meta employees raised concerns that the company's Model Capability Initiative was collecting more employee activity data than disclosed, adding a potential European data-law angle to an already complicated picture.","[\"meta\",\"ai\",\"labor\",\"policy\"]","2026-07-14T21:30:32.000Z","2026-07-14T22:48:05.708Z","2026-07-14T22:48:08.712Z",[],[219,47,555,25],"labor",[557],{"name":73,"url":558},"https:\u002F\u002Fmashable.com\u002Ftech\u002Fmeta-employee-lawsuit-claims-ai-discrimination",{"id":560,"slug":561,"title":562,"dek":563,"body_md":564,"tags_json":565,"published_at":566,"created_at":567,"updated_at":568,"status":22,"review_note":23,"review_notes":569,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":570,"sources":573,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4708,"grok-build-was-sending-full-git-repos-to-xais-cloud","Grok Build Was Sending Full Git Repos to xAI's Cloud","A security researcher found the coding CLI uploaded entire repositories, including secrets and API keys, at 27,800 times the data a task actually required.","xAI's Grok Build coding CLI was quietly shipping your entire Git history to a cloud bucket you didn't control.\n\nA security researcher published a wire-level analysis on July 12 showing that Grok Build packaged developers' full tracked repositories before sending them to a Google Cloud Storage bucket. That payload included committed secrets, API keys, and the complete Git history, not just the files relevant to the task at hand. The upload volume ran to roughly 27,800 times the data the coding operation actually needed. xAI has not, as of publication, publicly explained the design choice.\n\nThe gap between what a tool says it does and what it actually transmits is the core problem here. Developers routinely commit credentials to private repos, trusting that local tooling stays local. An undisclosed bulk upload breaks that assumption entirely, and the presence of a third-party bucket, Google Cloud Storage rather than xAI's own infrastructure, adds another party to the chain. Any breach or misconfiguration there becomes your breach too.\n\nThis is not the first AI coding tool caught over-reaching on data collection, but the scale differential, 27,800x the necessary payload, makes the \"it was for context\" defense harder to sustain. Competitors like GitHub Copilot and Cursor have faced scrutiny over telemetry and code transmission, but they have been more explicit about what leaves the machine. Grok Build apparently was not.","[\"security\",\"ai\",\"developer-tools\",\"data-privacy\"]","2026-07-14T20:48:20.000Z","2026-07-14T21:49:04.706Z","2026-07-14T21:49:07.928Z",[],[125,47,571,572],"developer-tools","data-privacy",[574],{"name":112,"url":575},"https:\u002F\u002Fthenextweb.com\u002Fnews\u002Fgrok-build-uploaded-entire-git-repositories-secrets",{"id":577,"slug":578,"title":579,"dek":580,"body_md":581,"tags_json":549,"published_at":582,"created_at":583,"updated_at":584,"status":22,"review_note":23,"review_notes":585,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":586,"sources":587,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4707,"lawsuit-says-meta-used-ai-to-pick-which-8000-workers-to-cut","Lawsuit Says Meta Used AI to Pick Which 8,000 Workers to Cut","Twenty-six former employees allege Meta's layoff algorithm targeted workers with disabilities and those on protected leave.","Meta's spring layoffs may have been decided by software, not supervisors.\n\nA complaint filed by 26 anonymous plaintiffs in US District Court for the Northern District of California alleges that Meta used a suite of internal AI tools — including a system called \"Metamate,\" employee-trained \"second-brain\" agents, and keystroke-monitoring software — to score and rank workers before selecting them for termination. Employees were graded partly on how heavily they used Meta's own AI products, with internal dashboards sorting workers into tiers labeled \"AI Native,\" \"AI First,\" and \"AI Enabled.\" The suit claims the resulting list disproportionately hit workers with disabilities and employees who had taken protected medical or family leave.\n\nThe legal theory here matters beyond the headline number of 8,000 cuts. If a company delegates a reduction-in-force to an algorithm, it may still be liable for that algorithm's disparate impact on protected classes — and \"the machine decided\" is not a recognized legal defense. This case could force courts to define what \"considered judgment\" means when the judgment belongs to a model.\n\nMeta is hardly alone in using AI to evaluate employees, but few companies have left a paper trail this specific: named internal tools, named scoring categories, named dashboards. That specificity is either the plaintiffs' strongest asset or a sign the lawsuit was filed before full discovery could pressure-test the claims.","2026-07-14T20:05:53.000Z","2026-07-14T21:45:41.560Z","2026-07-14T21:45:44.520Z",[],[219,47,555,25],[588],{"name":92,"url":589},"https:\u002F\u002Farstechnica.com\u002Ftech-policy\u002F2026\u002F07\u002Flawsuit-claims-metas-layoff-decisions-were-made-by-ai-not-humans\u002F",{"id":591,"slug":592,"title":593,"dek":594,"body_md":595,"tags_json":596,"published_at":597,"created_at":598,"updated_at":599,"status":22,"review_note":23,"review_notes":600,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":603,"sources":604,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4705,"microsoft-patches-record-570-windows-flaws-two-exploited-now","Microsoft Patches Record 570 Windows Flaws, Two Exploited Now","July Patch Tuesday triples the previous record and includes two actively exploited privilege-escalation zero-days and a publicly disclosed BitLocker bypass.","Microsoft's July Patch Tuesday is the largest security update the company has ever shipped, patching 570 vulnerabilities across Windows and related products.\n\nThe previous record was set just last month, when June's update covered roughly 200 flaws — July's release triples that figure. Of the 570 bugs, 59 are rated critical, spanning remote-code-execution, elevation-of-privilege, security-bypass, and spoofing categories. Three zero-days are included. Two have been actively exploited in the wild: CVE-2026-56155, an elevation-of-privilege flaw in Active Directory Federation Services discovered by Microsoft's own DART team, and CVE-2026-56164, a missing-authentication bug in SharePoint Server that lets an unauthenticated attacker gain elevated privileges over a network — credited to researchers at Mandiant Incident Response and Google Cloud FLARE, among others. The third, CVE-2026-50661, is a different class of problem: a security feature bypass in BitLocker that could expose encrypted data to someone with physical machine access. It was publicly disclosed before the patch but has no known active exploits.\n\nThe sheer volume matters less than the mix. Two actively exploited privilege-escalation flaws in enterprise staples — Active Directory and SharePoint — mean corporate IT teams are the ones with the most to lose if patching lags. The BitLocker bypass is worth watching separately: physical-access requirements limit its blast radius, but it is precisely the kind of flaw that surfaces in targeted attacks against high-value individuals.\n\nFor context, the previous single-month record stood for about four weeks. Whether Microsoft is shipping more bugs or just finding them faster is the question its security team probably doesn't want asked out loud.","[\"security\",\"windows\",\"microsoft\",\"patch-tuesday\"]","2026-07-14T19:52:57.000Z","2026-07-14T20:56:38.367Z","2026-07-14T20:56:41.171Z",[601],{"id":196,"reviewer":197,"round":198,"reason":602,"status":200},"The dek states 'two zero-days already being actively exploited' but the body's own breakdown of CVE-2026-50661 describes it as a BitLocker *security bypass*, not a third zero-day that is actively exploited — which is accurate — yet the dek implies all urgency stems from two exploited zero-days while glossing over the fact that the source explicitly calls CVE-2026-50661 a 'security feature bypass' not a privilege-escalation flaw; more critically, the body mischaracterizes CVE-2026-50661 as a 'Bit",[125,127,408,409],[605],{"name":606,"url":607},"Lifehacker","https:\u002F\u002Flifehacker.com\u002Ftech\u002Fmicrosoft-just-patched-570-flaws-in-windows?utm_medium=RSS",{"id":609,"slug":610,"title":611,"dek":612,"body_md":613,"tags_json":614,"published_at":615,"created_at":616,"updated_at":617,"status":22,"review_note":23,"review_notes":618,"image_url":23,"persona_id":23,"persona_name":23,"section":619,"tags":620,"sources":623,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4706,"zte-gets-us-clearance-to-buy-nvidia-h200-chips","ZTE Gets US Clearance to Buy Nvidia H200 Chips","The US has approved ZTE and Maginfra to purchase Nvidia's Hopper-generation H200 accelerators, expanding a short list of Chinese firms with sanctioned access.","ZTE just got Washington's permission to buy Nvidia H200 chips — though whether Beijing will let it actually import them is a separate question.\n\nThe US government approved Chinese telecom conglomerate ZTE and server firm Maginfra to purchase Nvidia's last-generation H200 \"Hopper\" accelerators, according to Reuters. ZTE joins a group of roughly ten Chinese companies — including Alibaba, Tencent, ByteDance, and JD.com — that have received similar clearance. A subsidiary of Kingsoft Cloud also got the green light, though for AMD accelerators equivalent to the H200, likely Instinct MI300X-class chips. All of this comes with a 25% export tariff, and approvals remain case-by-case — no Blackwell chips are on the table.\n\nThe practical impact may be smaller than the headline suggests. A US trade official told a congressional hearing the same day that actual H200 shipments under existing licenses have been \"a very small quantity of chips.\" China's own authorities have been discouraging domestic firms from buying foreign silicon, pushing them toward homegrown alternatives instead — Huawei's accelerator business has grown considerably under that pressure. Getting US export approval is only half the equation; ZTE still needs Chinese import clearance, which Reuters says has not been granted.\n\nNone of this resolves the underlying tension: six months ago, Chinese tech firms reportedly had over two million H200s on order — well beyond Nvidia's available supply at the time. The appetite for AI compute has not shrunk. And Chinese buyers have already found creative routes to Blackwell chips that bypass controls entirely, which makes the careful, licensed H200 pathway look more like a diplomatic gesture than a meaningful supply shift.","[\"semiconductors\",\"ai\",\"trade\",\"china\"]","2026-07-14T19:46:26.000Z","2026-07-14T20:58:10.698Z","2026-07-14T20:58:13.581Z",[],"hardware",[621,47,622,269],"semiconductors","trade",[624],{"name":625,"url":626},"Tom's Hardware","https:\u002F\u002Fwww.tomshardware.com\u002Ftech-industry\u002Fartificial-intelligence\u002Fus-govt-allows-chinese-telecom-giant-zte-to-purchase-nvidia-h200-ai-chips-firm-joins-alibaba-tencent-and-bytedance-in-access-to-hopper-tech",{"id":628,"slug":629,"title":630,"dek":631,"body_md":632,"tags_json":633,"published_at":634,"created_at":635,"updated_at":636,"status":22,"review_note":23,"review_notes":637,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":638,"sources":640,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4701,"meta-sued-over-ai-that-allegedly-targeted-disabled-workers-in-layoffs","Meta Sued Over AI That Allegedly Targeted Disabled Workers in Layoffs","Twenty-six current and former employees claim Meta's AI systems used productivity and token usage metrics to flag workers on medical leave for cuts.","Meta is facing a federal lawsuit from 26 employees who say its AI-driven layoff process discriminated against workers with disabilities.\n\nThe suit was filed Monday in Oakland, California by 26 current and former Meta employees. The plaintiffs allege that Meta's mass layoff process relied on AI-powered productivity metrics and AI token usage data to identify workers for termination. Workers who had taken medical leave — and whose output numbers were therefore depressed through no fault of their own — ended up disproportionately on the cutting-room floor, the lawsuit claims.\n\nThis matters beyond Meta's headcount spreadsheets. Using algorithmic scoring to drive HR decisions has been a quiet industry trend for years, and regulators have repeatedly warned that automated tools can launder bias at scale. If a system ranks workers by output during a period when disability or illness legally entitled them to reduced productivity, the metric isn't neutral — it's a proxy. A federal court ruling against Meta here could set a precedent that forces every large employer to audit the inputs feeding their workforce analytics.\n\nMeta has positioned its internal AI tooling as a productivity asset, so the irony of that tooling becoming a liability in a discrimination case is hard to miss. The company has not been shy about thinning its ranks in recent years; now it may have to explain exactly what its algorithms were optimizing for.","[\"meta\",\"ai\",\"labor\",\"discrimination\"]","2026-07-14T17:51:36.000Z","2026-07-14T18:48:22.326Z","2026-07-14T18:48:25.066Z",[],[219,47,555,639],"discrimination",[641],{"name":112,"url":642},"https:\u002F\u002Fthenextweb.com\u002Fnews\u002Fmeta-lawsuit-ai-layoffs-medical-leave-disability",{"id":644,"slug":645,"title":646,"dek":647,"body_md":648,"tags_json":649,"published_at":650,"created_at":651,"updated_at":652,"status":22,"review_note":23,"review_notes":653,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":658,"sources":661,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4699,"modheader-pulled-from-chrome-and-edge-after-hidden-spyware-found","ModHeader Pulled from Chrome and Edge After Hidden Spyware Found","A hidden spyware SDK in ModHeader v7.0.18 silently collected visited domains and routed them to a Chinese-owned server for 1.6 million users.","A browser extension used by developers to test APIs was quietly shipping user browsing data to a remote server.\n\nSecurity researchers at Stripe OLT found that ModHeader version 7.0.18, a tool with 900,000 Chrome users and 700,000 Edge users, contained a hidden spyware SDK. The SDK collected the domains users visited, encrypted them using what the report calls \"AES-GCP\" (most likely a misprint for the standard AES-GCM authenticated encryption mode — the source does not clarify), and uploaded that data once a day to a Chinese-owned server. The collector was dormant by default, but all the code, encryption keys, and upload schedules were already embedded and ready. Researchers attributed the campaign with low confidence to a Chinese-speaking threat actor, citing the exfiltration domain's routing through Lark, Chinese strings in the code, and a Simplified Chinese locale bundled with the package.\n\nModHeader is built for developers and security researchers, the same people responsible for defending other systems, which makes their browsing patterns an unusually attractive target. The extension also doubled as adware, opening advertising tabs on updates, including on enterprise-managed devices.\n\nMicrosoft delisted the extension on June 3; Google followed on July 10. Stripe OLT notes that store removal doesn't clean the extension off devices where it's already installed: 1.6 million endpoints remain at risk unless someone actively removes it.","[\"security\",\"browser-extensions\",\"spyware\",\"developer-tools\"]","2026-07-14T17:05:00.000Z","2026-07-14T17:53:37.172Z","2026-07-14T17:53:39.972Z",[654,656],{"id":196,"reviewer":197,"round":198,"reason":655,"status":200},"The article states the encryption algorithm is AES-GCM, but the source material says AES-GCP — this discrepancy must be resolved against an authoritative source before publication, not silently altered in the draft.",{"id":240,"reviewer":197,"round":241,"reason":657,"status":200},"The article reproduces 'AES-GCP' verbatim from the source without resolving whether this is a typo for AES-GCM or the correct designation — [editor-r1] remains open and must be corrected or editorially noted before publication.",[125,659,660,571],"browser-extensions","spyware",[662],{"name":293,"url":663},"https:\u002F\u002Fwww.techradar.com\u002Fpro\u002Fsecurity\u002Fexperts-get-google-microsoft-to-pull-trusted-modheader-with-1-6-million-installs-after-finding-it-could-harvest-all-kinds-of-data",{"id":665,"slug":666,"title":667,"dek":668,"body_md":669,"tags_json":670,"published_at":671,"created_at":672,"updated_at":673,"status":22,"review_note":23,"review_notes":674,"image_url":23,"persona_id":23,"persona_name":23,"section":47,"tags":675,"sources":679,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4700,"jpmorgan-cut-up-to-40-of-jobs-in-some-units-via-ai","JPMorgan Cut Up to 40% of Jobs in Some Units via AI","CEO Jamie Dimon confirmed AI has eliminated 30-40% of roles in parts of the bank, but warned investors not to expect dramatic margin gains.","JPMorgan Chase has quietly shed a significant share of its workforce in certain divisions, and AI is the reason.\n\nDuring the company's second-quarter earnings call, CEO Jamie Dimon told analysts that artificial intelligence has already cut headcount by 30 to 40 percent in some parts of the bank. Dimon did not specify which divisions were affected or over what time period the reductions occurred. He also pushed back on the assumption that those savings would translate into fatter profit margins, noting that competitive market dynamics tend to absorb efficiency gains before they reach the bottom line.\n\nThe disclosure matters because it moves the AI-displaces-workers debate from forecast to fact — at least inside one of the world's largest financial institutions. It also undercuts the investor thesis that AI is primarily a margin story; Dimon's framing suggests the gains get competed away, not banked.\n\nJPMorgan has been one of the more aggressive large banks in deploying AI across legal, operations, and software development, so the 40 percent figure may reflect years of cumulative attrition rather than a single round of cuts — but Dimon offered no timeline to clarify either way.","[\"ai\",\"finance\",\"jobs\",\"jpmorgan\"]","2026-07-14T16:25:22.000Z","2026-07-14T17:54:44.119Z","2026-07-14T17:54:47.098Z",[],[47,676,677,678],"finance","jobs","jpmorgan",[680],{"name":112,"url":681},"https:\u002F\u002Fthenextweb.com\u002Fnews\u002Fjpmorgan-dimon-ai-jobs-cuts-margins-q2-earnings",{"id":683,"slug":684,"title":685,"dek":686,"body_md":687,"tags_json":688,"published_at":689,"created_at":690,"updated_at":691,"status":22,"review_note":23,"review_notes":692,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":693,"sources":695,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4697,"telegram-links-went-dark-after-a-vpn-sanctions-snafu","Telegram Links Went Dark After a VPN Sanctions Snafu","A US Treasury crackdown on a ransomware-linked VPN caught Telegram's t.me link shortener in the crossfire when a domain provider cut access too broadly.","Telegram's t.me link shortener went offline after a domain provider over-applied US Treasury sanctions meant for an unrelated VPN service.\n\nThe Treasury Department sanctioned a VPN provider tied to ransomware groups, and the top-level domain registrar responsible for the .me namespace moved to comply. In doing so, it suspended t.me — Telegram's core short-link domain — along with the actual target. Telegram itself was not sanctioned. The outage took down any link using the t.me format, which is how Telegram routes channel invites, group links, and bot handles.\n\nThis is a useful reminder that sanctions enforcement in the domain layer is blunt by design. A registrar told to cut off a domain under a given TLD has limited surgical options — it pulls the record and asks questions later. For a platform like Telegram, which routes nearly all shareable links through a single short domain, that bluntness has outsized consequences.\n\nRansomware groups have long used commercial VPNs and anonymizing services to cover their tracks; sanctioning those providers is a legitimate enforcement tool. But when compliance infrastructure is this coarse, collateral damage to unrelated services is not an edge case — it is a predictable outcome.","[\"telegram\",\"sanctions\",\"vpn\",\"security\"]","2026-07-14T16:17:01.000Z","2026-07-14T16:50:22.219Z","2026-07-14T16:50:24.901Z",[],[694,445,446,125],"telegram",[696],{"name":224,"url":697},"https:\u002F\u002Fwww.pcmag.com\u002Fnews\u002Fus-sanctions-on-shady-vpn-accidentally-take-down-telegram-link-shortener",{"id":699,"slug":700,"title":701,"dek":702,"body_md":703,"tags_json":704,"published_at":705,"created_at":706,"updated_at":707,"status":22,"review_note":23,"review_notes":708,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":709,"sources":712,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4698,"microsoft-upgrades-defender-after-shinyhunters-oauth-campaign","Microsoft Upgrades Defender After ShinyHunters OAuth Campaign","Microsoft is adding richer telemetry and OAuth governance to Defender for Cloud Apps after a year-long Salesforce attack hit up to 700 organizations.","A cybercrime group exploited trusted OAuth connections to raid hundreds of Salesforce environments — and Microsoft is now shipping new defenses in response.\n\nShinyHunters ran a two-phase campaign. First, operatives cold-called employees, impersonated IT support, and convinced them to authorize a fake Salesforce Data Loader app that handed over OAuth permissions. Because everything flowed through legitimate authentication and official APIs, the activity looked like normal user behavior. The group then shifted tactics, compromising third-party SaaS vendors — including integrations tied to Salesloft's Drift, Gainsight, and Klue — to steal OAuth tokens and reach hundreds of downstream customer environments without ever touching those customers directly. Google told reporters it was tracking more than 700 potentially affected organizations.\n\nMicrosoft's response focuses on two areas: better detection and investigation, and tighter governance over connected apps. Defender for Cloud Apps is getting near-real-time detection, richer API and OAuth telemetry, connected application attribution, and permission risk scoring with lifecycle management. Notably, Microsoft worked with Salesforce directly on the telemetry improvements. The company is explicit that no Salesforce vulnerability was involved — the attackers simply abused trust that was already there.\n\nThat last point deserves attention. OAuth abuse is not new, and the SaaS supply chain angle mirrors tactics seen in earlier campaigns against identity providers. When the attack surface is a permission model that works exactly as designed, detection is the only lever — which is precisely why Microsoft is pulling it now, roughly a year after the campaign began.","[\"security\",\"oauth\",\"salesforce\",\"microsoft\"]","2026-07-14T16:05:00.000Z","2026-07-14T16:52:38.418Z","2026-07-14T16:52:41.793Z",[],[125,710,711,408],"oauth","salesforce",[713],{"name":293,"url":714},"https:\u002F\u002Fwww.techradar.com\u002Fpro\u002Fsecurity\u002Fa-single-entry-point-can-rapidly-expand-to-greater-enterprise-impacts-microsoft-introduces-changes-to-tackle-shinyhunters",{"id":716,"slug":717,"title":718,"dek":719,"body_md":720,"tags_json":721,"published_at":722,"created_at":723,"updated_at":724,"status":22,"review_note":23,"review_notes":725,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":726,"sources":727,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4693,"new-york-freezes-new-data-center-approvals","New York Freezes New Data Center Approvals","Governor Kathy Hochul has paused all large data center construction in New York, citing electricity costs, water use, and local oversight concerns.","New York is the first state to temporarily halt approval of new large data centers.\n\nGovernor Kathy Hochul moved to pause the permitting process for large-scale data centers across the state, citing three specific concerns: rising electricity costs, strain on water supplies, and insufficient local control over where these facilities get built. The freeze is temporary, framed as a pause rather than a ban, but it stops the pipeline cold while the state figures out what rules it actually wants. New York becomes the first state in the country to take this step.\n\nThe timing matters because the AI infrastructure boom has accelerated data center construction to a pace that regulators in most states have struggled to keep up with. New York's move is a signal that at least one major jurisdiction is willing to put the brakes on rather than let the buildout race ahead of policy — energy grids and municipal water systems were not designed with hyperscale AI workloads in mind.\n\nIt remains to be seen whether this is a genuine policy reset or a negotiating tactic to extract better terms from large cloud and AI operators eyeing New York real estate. Either way, any company that had a site queued up in the state just had its timeline upended.","[\"policy\",\"data centers\",\"ai\",\"energy\"]","2026-07-14T15:17:59.000Z","2026-07-14T15:57:21.207Z","2026-07-14T15:57:24.175Z",[],[25,309,47,310],[728],{"name":272,"url":729},"https:\u002F\u002Ftechcrunch.com\u002F2026\u002F07\u002F14\u002Fnew-york-state-halts-construction-of-all-new-data-centers\u002F",{"id":731,"slug":732,"title":733,"dek":734,"body_md":735,"tags_json":721,"published_at":736,"created_at":737,"updated_at":738,"status":22,"review_note":23,"review_notes":739,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":740,"sources":741,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4695,"new-york-freezes-large-data-center-builds-for-a-year","New York Freezes Large Data Center Builds for a Year","Governor Hochul's moratorium on data centers drawing 50 MW or more is the first statewide construction ban in the US, and it has the AI industry nervous.","New York has become the first state to halt construction of large data centers, and the AI build-out just got a lot more complicated.\n\nGovernor Kathy Hochul announced a one-year moratorium on new data centers that draw 50 megawatts or more of power. The pause applies statewide and will stay in place until officials establish what they're calling \"consistent standards\" for responsible data center development. No timetable was given for what those standards would look like or how long drafting them might take beyond the initial year.\n\nThe move puts a name and a deadline on concerns that have been building across the country: data centers strain local power grids, drive up energy costs for everyone else, and consume water at industrial scale. New York acting first matters because it gives other states a template — and because the AI industry has been racing to plant infrastructure wherever it can find land and electricity.\n\nAt the federal level, Bernie Sanders and Alexandria Ocasio-Cortez have introduced legislation that would extend a similar ban nationwide, but that bill is going nowhere fast in a Republican-controlled Congress where the White House has framed moratoriums as a threat to American AI competitiveness. New York's move, then, is less a domino and more a pressure test: if the state can define workable standards within a year, it becomes a model; if it can't, the moratorium quietly extends while the industry waits and lobbies.","2026-07-14T15:06:28.000Z","2026-07-14T16:44:55.213Z","2026-07-14T16:44:58.275Z",[],[25,309,47,310],[742],{"name":92,"url":743},"https:\u002F\u002Farstechnica.com\u002Ftech-policy\u002F2026\u002F07\u002Fnew-york-is-the-first-state-to-impose-a-data-center-moratorium\u002F",{"id":745,"slug":746,"title":747,"dek":748,"body_md":749,"tags_json":750,"published_at":751,"created_at":752,"updated_at":753,"status":22,"review_note":23,"review_notes":754,"image_url":23,"persona_id":23,"persona_name":23,"section":47,"tags":755,"sources":759,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4691,"apple-sues-openai-over-alleged-trade-secret-theft-2","Apple Sues OpenAI Over Alleged Trade Secret Theft","Apple filed a federal lawsuit accusing former employees of stealing confidential product and supply chain secrets for OpenAI's benefit.","Apple has taken OpenAI to federal court over alleged trade secret theft.\n\nApple filed a 41-page complaint in Northern California federal court last Friday, accusing former Apple employees of lifting confidential information — covering product development, manufacturing, supply chain, and technology research — and handing it to OpenAI. The lawsuit lands as OpenAI is already deep in litigation from multiple directions, including a high-profile suit from Elon Musk. Apple's filing puts OpenAI's hardware ambitions directly in the crosshairs.\n\nFor OpenAI, timing matters. The company is pushing hard into hardware and has been burning capital on physical-product bets that depend on proprietary manufacturing knowledge. A credible trade-secret case from Apple — whose supply chain is arguably the most tightly guarded in consumer technology — creates legal exposure that could complicate both those efforts and any path toward a public offering.\n\nApple rarely sues publicly over IP; it typically prefers quiet settlements or injunctions. That it chose a 41-page federal complaint suggests the alleged leaks were serious enough to warrant an aggressive response — or that Apple wants a public record of where the blame sits.","[\"openai\",\"apple\",\"trade secrets\",\"litigation\"]","2026-07-14T14:01:07.000Z","2026-07-14T14:51:55.188Z","2026-07-14T14:51:58.100Z",[],[756,267,757,758],"openai","trade secrets","litigation",[760],{"name":54,"url":761},"https:\u002F\u002Fwww.theverge.com\u002Fai-artificial-intelligence\u002F965294\u002Fopenai-apple-trade-secrets-lawsuit-sam-altman-ipo",{"id":763,"slug":764,"title":765,"dek":766,"body_md":767,"tags_json":768,"published_at":769,"created_at":770,"updated_at":771,"status":22,"review_note":23,"review_notes":772,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":773,"sources":777,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4696,"cloudflare-now-flags-when-dnssec-validation-is-quietly-bypassed","Cloudflare Now Flags When DNSSEC Validation Is Quietly Bypassed","After Albania's top-level domain broke DNSSEC and went dark for hours, Cloudflare added a new error code so clients can tell when security checks were skipped.","Albania's entire .AL domain went unsigned last week, and Cloudflare used the mess to ship a transparency feature DNS has needed for years.\n\nOn July 3, the Albanian communications authority botched a DNSSEC key rollover. The operator swapped in a new signing key without updating the corresponding DS record in the root zone — the fingerprint that resolvers use to verify the key is legitimate. Any resolver that tried to validate .AL responses found no matching key and returned errors. Government sites, banks, and media outlets all went unreachable for users on validating resolvers, including Cloudflare's 1.1.1.1. The same failure mode hit Germany's .DE just two months earlier. To restore access, Cloudflare installed a Negative Trust Anchor (NTA) — an RFC 7646 mechanism that tells a resolver to stop checking DNSSEC for a zone and serve answers anyway. The NTA had .AL domains responding again by 17:15 UTC, about three hours after the chain broke. As of publication, .AL is still unsigned; the operator removed the DS record from the root zone to end the outage but has not restored it.\n\nThe catch with NTAs has always been silence: a response served under one looks identical to a fully validated answer, so clients, monitoring tools, and applications had no way to know DNSSEC was bypassed. That gap matters because suspending validation re-exposes domains to DNS spoofing for the duration. For the .AL incident, Cloudflare implemented a new Extended DNS Error code — EDE 33, drafted in an Internet-Draft co-authored with Quad9's Babak Farrokhi — that attaches a machine-readable signal to every affected response. Clients that understand EDE 33 now know the answer arrived without cryptographic verification, even when the query returns NOERROR.\n\nTwo major TLD failures in sixty days is worth noting. DNSSEC key rollovers are a known operational hazard, and country-code TLDs run the gamut from well-staffed registries to single-person operations — Albania's contact addresses were themselves under .AL, making them unreachable during the very outage Cloudflare was trying to report. EDE 33 is a reasonable patch, but it relies on clients actually reading the error codes, which most software today does not.","[\"dns\",\"security\",\"cloudflare\",\"dnssec\"]","2026-07-14T13:00:00.000Z","2026-07-14T16:45:51.725Z","2026-07-14T16:45:54.695Z",[],[774,125,775,776],"dns","cloudflare","dnssec",[778],{"name":779,"url":780},"Cloudflare Blog","https:\u002F\u002Fblog.cloudflare.com\u002Fdnssec-nta-ede-33\u002F",{"id":782,"slug":783,"title":784,"dek":785,"body_md":786,"tags_json":787,"published_at":788,"created_at":789,"updated_at":790,"status":22,"review_note":23,"review_notes":791,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":792,"sources":794,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4690,"new-york-puts-a-one-year-freeze-on-large-data-centers","New York Puts a One-Year Freeze on Large Data Centers","Governor Hochul signed a moratorium on data center projects of 50 MW or more, making New York the first US state to enact a statewide ban.","New York is the first US state to legally freeze large data center construction.\n\nGovernor Kathy Hochul signed Senate Bill S10642 — the Responsible Data Center Development Act — on July 14, placing a one-year moratorium on any data center project at or above 50 megawatts that lacks a completed permit. The New York Department of Environmental Conservation will not issue new permits to qualifying projects until the state finalizes a Generic Environmental Impact Statement that sets consistent environmental review standards. Hochul also said she is pursuing legislation to repeal tax exemptions currently enjoyed by large data centers. The moratorium lifts whenever the GEIS is done, not necessarily after twelve months.\n\nNew York's move is a meaningful escalation over what came before. Seattle passed a similar one-year moratorium last month, and Maine's legislature voted for one too — but Maine's governor vetoed it over a carve-out dispute. A statewide ban carries far more weight than a city ordinance: it reaches every jurisdiction within New York's borders and puts a single regulator, not dozens of local boards, in charge of the outcome. The backstory is familiar by now — a monitoring firm that oversees the largest US power grid attributed a 76% electricity price hike to data center demand, and a Virginia county asked government offices to conserve power for the same reason. Seventy percent of Americans now say they oppose a data center near their home.\n\nThe timing puts Hochul in direct tension with the White House, whose AI Action Plan explicitly pushes accelerated data center build-out. That political friction is the real story — states are starting to treat AI infrastructure the way earlier generations treated highway expansion: necessary in the abstract, intolerable in the backyard, and suddenly very expensive for everyone on the grid.","[\"policy\",\"data-centers\",\"ai\",\"energy\"]","2026-07-14T12:17:43.000Z","2026-07-14T12:50:31.008Z","2026-07-14T12:50:33.912Z",[],[25,793,47,310],"data-centers",[795],{"name":625,"url":796},"https:\u002F\u002Fwww.tomshardware.com\u002Ftech-industry\u002Fdata-centers\u002Fnew-york-enacts-one-year-data-center-ban-on-projects-larger-than-50-megawatts-first-us-state-to-implement-moratorium-will-also-pursue-repealing-tax-exemptions",{"id":798,"slug":799,"title":800,"dek":801,"body_md":802,"tags_json":803,"published_at":804,"created_at":805,"updated_at":806,"status":22,"review_note":23,"review_notes":807,"image_url":23,"persona_id":23,"persona_name":23,"section":125,"tags":808,"sources":811,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4702,"cisa-flags-active-sharepoint-exploits-urges-patching","CISA Flags Active SharePoint Exploits, Urges Patching","Three SharePoint Server vulnerabilities are being actively exploited for remote code execution and credential theft, with two more flagged as high-risk.","Attackers are actively breaking into on-premises SharePoint servers, and CISA wants admins to stop what they're doing and patch now.\n\nThree vulnerabilities — CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164 — are under active exploitation across SharePoint Server 2016, 2019, and Subscription Edition. Attackers are using them to achieve remote code execution, then pivoting to steal IIS machine keys and run deserialization attacks to establish persistence and drop malware. CISA added all three to its Known Exploited Vulnerabilities catalog, the last one as recently as today. Two additional CVEs (CVE-2026-55040 and CVE-2026-58644) aren't known to be exploited yet, but Microsoft has flagged them as ripe targets.\n\nOn-premises SharePoint has a long history of being a soft target — it's widely deployed in government and enterprise, often internet-facing, and patch cycles tend to lag. The IIS machine key theft angle is particularly nasty: once attackers have those keys, they can forge encrypted tokens and maintain access even after surface-level remediation, meaning rotating keys without first hunting for existing implants just resets the lock while the burglar is still inside.\n\nCISA's hardening checklist runs long — enable AMSI in Full Mode, restrict Central Administration exposure, put the server behind an authenticated Layer 7 proxy, review telemetry for webshells — which is another way of saying many organizations aren't doing the basics. If your SharePoint is directly internet-facing with no proxy in front of it, that's the finding.","[\"security\",\"sharepoint\",\"vulnerability\",\"cisa\"]","2026-07-14T12:00:00.000Z","2026-07-14T19:45:22.246Z","2026-07-14T19:45:25.203Z",[],[125,809,129,810],"sharepoint","cisa",[812],{"name":813,"url":814},"CISA Advisories","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Falerts\u002F2026\u002F07\u002F14\u002Fcisa-urges-sharepoint-hardening-after-new-exploitations",{"id":816,"slug":817,"title":818,"dek":819,"body_md":820,"tags_json":821,"published_at":822,"created_at":823,"updated_at":824,"status":22,"review_note":23,"review_notes":825,"image_url":23,"persona_id":23,"persona_name":23,"section":25,"tags":826,"sources":830,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4688,"samsung-health-will-delete-your-data-if-you-skip-ai-training-opt-in","Samsung Health Will Delete Your Data If You Skip AI Training Opt-In","A new consent toggle in Samsung Health gives users one choice: share sensitive health data for AI training, or lose all their synced data permanently.","Samsung Health is making AI data consent a condition of keeping your own records.\n\nSamsung has added a consent toggle to the Samsung Health app that ties continued access to synced health data to participation in AI training. Users who decline to share their health information for AI development are told their data will be permanently deleted. The ultimatum affects sensitive personal health records that users have presumably synced across devices over time. Samsung has not publicly detailed what data is collected, how it is used, or who else may access it.\n\nThis matters because opting out of data collection has historically been treated as a neutral, consequence-free choice — not a ransom note. Bundling AI training consent with data retention flips that assumption and puts users in a position where exercising a privacy right costs them something real.\n\nThe move echoes tactics seen elsewhere in tech, where companies bury high-stakes consent inside routine app updates, counting on inertia to do the work. Samsung is not the first to push users toward AI data sharing, but threatening deletion is a harder edge than most. Regulators in the EU, where the GDPR sets strict rules on consent and data portability, may find this arrangement worth a closer look.","[\"samsung\",\"health data\",\"ai training\",\"privacy\"]","2026-07-14T11:19:59.000Z","2026-07-14T11:44:22.883Z","2026-07-14T11:44:25.838Z",[],[827,828,829,479],"samsung","health data","ai training",[831],{"name":347,"url":832},"https:\u002F\u002Fwww.digitaltrends.com\u002Fphones\u002Fsamsung-health-threatens-to-delete-your-data-if-you-opt-out-of-ai-training\u002F",{"id":834,"slug":835,"title":836,"dek":837,"body_md":838,"tags_json":839,"published_at":840,"created_at":841,"updated_at":842,"status":22,"review_note":23,"review_notes":843,"image_url":23,"persona_id":23,"persona_name":23,"section":47,"tags":844,"sources":848,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4689,"nvidia-cuts-asia-client-list-in-half-to-curb-chip-smuggling","Nvidia Cuts Asia Client List in Half to Curb Chip Smuggling","Under pressure from Washington, Nvidia has slashed its roster of verified buyers in Asia, sending inspectors to data centers to weed out shell companies.","Nvidia has cut its list of authorized hardware buyers in Asia by more than half, replacing it with a tighter whitelist of customers who have passed compliance checks.\n\nAccording to a Financial Times report, Nvidia sent staff into customer data centers, verified contracts, and interviewed end users to confirm it was dealing with real businesses rather than fronts designed to route GPUs into China. The move came after Washington leaned on the company to tighten its export controls — pressure that followed the arrest of Supermicro co-founder Yih-Shyan Liaw and two others on charges of allegedly smuggling $2.5 billion in Nvidia hardware into China. Enforcement has also swept into Singapore, where a $42-million mansion tied to alleged smugglers was seized, and Taiwan, where authorities raided Supermicro offices and two supply-chain partners.\n\nThe crackdown matters because it signals that paper export bans alone have not worked — now the enforcement is moving up the supply chain to the manufacturer itself. Nvidia is no longer just pointing to U.S. rules; it is actively policing its own customer base, which is a different kind of liability exposure for the company.\n\nThe backdrop makes this harder to resolve quietly. Beijing has banned Chinese firms from buying even the H200 GPUs that the Trump administration cleared for regional sale in December 2025, leaving Chinese AI companies in a genuine hardware squeeze — one executive told the Financial Times that all domestic suppliers are sold out. Domestic chipmakers are being counted on to fill the gap, but so far they have not. For Nvidia, a smaller verified client list means less revenue risk from enforcement actions; for everyone else in the region, it means fewer paths to the chips that still matter most.","[\"nvidia\",\"ai chips\",\"export controls\",\"china\"]","2026-07-14T11:08:54.000Z","2026-07-14T11:54:08.686Z","2026-07-14T11:54:11.574Z",[],[845,846,847,269],"nvidia","ai chips","export controls",[849],{"name":625,"url":850},"https:\u002F\u002Fwww.tomshardware.com\u002Ftech-industry\u002Fbig-tech\u002Fnvidia-slashes-list-of-authorized-customers-in-asia-in-a-bid-to-reduce-ai-chip-smuggling-report-claims-company-sent-field-inspectors-called-customers-to-check-if-business-is-genuine-after-pressure-from-washington",{"id":852,"slug":853,"title":854,"dek":855,"body_md":856,"tags_json":857,"published_at":858,"created_at":859,"updated_at":860,"status":22,"review_note":23,"review_notes":861,"image_url":23,"persona_id":23,"persona_name":23,"section":47,"tags":862,"sources":865,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4686,"finlands-nestai-lands-defense-deals-with-helsinki-and-tallinn","Finland's NestAI Lands Defense Deals With Helsinki and Tallinn","A Nokia-backed Finnish AI startup less than a year old is building sovereign battlefield software for Finland and Estonia, betting ownership beats capability.","A Helsinki AI lab founded less than a year ago has signed on to build military software with two European defense ministries.\n\nNestAI, backed by Nokia and the Finnish state, formalized agreements with Finland's Ministry of Defence and the Estonian Defence Forces on June 30. The company's pitch is not that its models are the smartest on the market — it is that European militaries should control the AI they fight with. The lab is less than a year old, which makes the speed of these government partnerships notable even by defense-tech standards.\n\nThe sovereignty angle is the real story here. NATO's eastern flank has watched the Ukraine war stress-test every assumption about who controls critical software in a conflict, and the answer — often a US commercial vendor — has made some governments nervous. A domestically owned AI layer is less a technical choice than a political one.\n\nNestAI is not the first startup to sell governments on \"sovereign AI\", but pairing Finnish state funding with Nokia's industrial credibility and back-to-back ministry deals gives it a foundation most defense-AI entrants lack. Whether the software is actually good enough to matter is a question the source material does not answer.","[\"defense\",\"ai\",\"europe\",\"startups\"]","2026-07-14T08:41:53.000Z","2026-07-14T10:52:04.023Z","2026-07-14T10:52:07.220Z",[],[863,47,864,202],"defense","europe",[866],{"name":112,"url":867},"https:\u002F\u002Fthenextweb.com\u002Fnews\u002Fnestai-finland-estonia-sovereign-defence-ai",{"id":869,"slug":870,"title":871,"dek":872,"body_md":873,"tags_json":874,"published_at":875,"created_at":876,"updated_at":877,"status":22,"review_note":23,"review_notes":878,"image_url":23,"persona_id":23,"persona_name":23,"section":47,"tags":881,"sources":884,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4685,"vision-ai-models-share-a-hidden-geometric-core","Vision AI Models Share a Hidden Geometric Core","Researchers found that thirteen vision encoders, despite wildly different training objectives, converge on the same 16-dimensional internal structure.","Thirteen vision AI models, trained on completely different tasks, are apparently building the same thing inside.\n\nResearchers studied thirteen modern vision encoders — models trained to classify images, contrast them, reconstruct them, or match them to text — and found that after training, the top sixteen principal directions of variation inside each model converge to the same 16-dimensional geometric object. They're calling it the \"cross-architecture substrate.\" It holds up across four visual domains (natural photos, medical CT, satellite imagery, microscopy) at a median Procrustes-CKA alignment score of 0.679, and extends to eight domains — adding sketches, depth maps, thermal infrared, and astronomy images — at 0.604, with every domain pair scoring above 0.40. It survives a rigorous calibration check designed to weed out spurious structure, and it's not explained by pixel statistics (alignment: 0.263), Gabor features (0.31), or random projections (0.041).\n\nThe finding matters because it suggests vision models aren't learning arbitrary internal languages — they're independently arriving at the same geometric solution, regardless of architecture or training objective. That's the kind of convergence that either reveals something deep about visual information itself or, more practically, gives engineers a common lever to pull. The researchers demonstrate both: a label-free model-selection filter that beats the LogME benchmark by +0.15 Kendall-tau while running 3x faster; a four-way domain classifier at 99.6% accuracy; and a 16-dimension frozen probe that outperforms full 768-dimension DINOv2 embeddings by 3.78 percentage points when labels are scarce.\n\nThe caveats are real. The substrate doesn't cross modalities, doesn't help when distilling across paradigms, and doesn't predict how well a model will transfer to a new task (rank correlation: 0.08). So it's a structural curiosity with useful applications, not a universal transfer-learning shortcut — which is exactly what the hype machine would have made it sound like.","[\"ai\",\"computer vision\",\"machine learning\",\"research\"]","2026-07-14T04:00:00.000Z","2026-07-14T06:43:58.506Z","2026-07-14T06:44:01.418Z",[879],{"id":196,"reviewer":197,"round":198,"reason":880,"status":200},"The article states median alignment scores above 0.40 but omits the more precise and informative median Procrustes-CKA figures from the source (0.679 across four domains, 0.604 across eight domains), and understates the LogME improvement by omitting the +0.15 Kendall-tau gain; revise to include these concrete numbers as the source material supports them and their absence weakens the specificity standard.",[47,882,883,89],"computer vision","machine learning",[885],{"name":500,"url":886},"https:\u002F\u002Farxiv.org\u002Fabs\u002F2606.07882",{"id":888,"slug":889,"title":890,"dek":891,"body_md":892,"tags_json":893,"published_at":875,"created_at":894,"updated_at":895,"status":22,"review_note":23,"review_notes":896,"image_url":23,"persona_id":23,"persona_name":23,"section":47,"tags":897,"sources":901,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4684,"a-new-benchmark-puts-sparse-autoencoder-designs-to-a-harder-test","A New Benchmark Puts Sparse Autoencoder Designs to a Harder Test","SynthSAEBench uses large-scale synthetic data with ground-truth features to expose failure modes that noisy LLM benchmarks routinely miss.","Researchers have released SynthSAEBench, a benchmark toolkit designed to close a long-standing gap in how Sparse Autoencoders are evaluated.\n\nSparse Autoencoders, or SAEs, are a tool interpretability researchers use to decompose what a neural network has learned into human-readable features. The problem is that existing benchmarks for judging SAE quality are caught between two bad options: tests run directly on large language models produce too much noise to tell good architectures from slightly better ones, while small synthetic experiments are too toy-like to mean anything. SynthSAEBench splits the difference by generating large-scale synthetic data that mimics realistic feature properties — correlation, hierarchy, and superposition — while also supplying ground-truth labels so researchers can check whether an SAE actually learned the right thing, not just something plausible-looking.\n\nThat ground-truth access matters more than it might sound. The benchmark confirms several phenomena already observed on real LLMs — including a disconnect between how well an SAE reconstructs inputs and how good its learned features actually are — which means findings here are likely to transfer. It also catches something new: a class of SAEs using a technique called Matching Pursuit can game reconstruction scores by exploiting noise in superposition, learning nothing genuinely useful about the underlying features. That kind of overfitting would be invisible to benchmarks without ground truth.\n\nSAE research sits at the heart of mechanistic interpretability, the field trying to make large models legible before deploying them at scale. Better benchmarks are infrastructure work — unglamorous but load-bearing. The fact that a plausible-sounding architecture can score well while learning the wrong features entirely is exactly the kind of silent failure that keeps interpretability researchers up at night.","[\"ai\",\"interpretability\",\"machine-learning\",\"benchmarks\"]","2026-07-14T06:36:12.536Z","2026-07-14T06:36:15.431Z",[],[47,898,899,900],"interpretability","machine-learning","benchmarks",[902],{"name":500,"url":903},"https:\u002F\u002Farxiv.org\u002Fabs\u002F2602.14687",{"id":905,"slug":906,"title":907,"dek":908,"body_md":909,"tags_json":910,"published_at":875,"created_at":911,"updated_at":912,"status":22,"review_note":23,"review_notes":913,"image_url":23,"persona_id":23,"persona_name":23,"section":47,"tags":914,"sources":917,"feedback":35,"feedback_at":23,"cost_usd":35,"total_tokens":35},4683,"a-new-benchmark-tests-ai-image-safety-after-fine-tuning","A New Benchmark Tests AI Image Safety After Fine-Tuning","Researchers found that safety guardrails in text-to-image models often break under routine fine-tuning, and built a benchmark to measure how well they hold.","Safety filters in AI image generators don't always survive customization.\n\nResearchers studying text-to-image diffusion models found that safety alignment — the techniques used to stop models from producing copyrighted, unsafe, or private content — frequently breaks down after routine downstream fine-tuning. That includes common adaptations like LoRA personalization and style or domain adapters, the kind of modifications developers apply constantly after a model ships. To measure this more rigorously, the team built SPQR, a benchmark that scores models across four axes: Safety, Prompt adherence, Quality, and Robustness. It outputs a single leaderboard score designed to make comparisons reproducible across multilingual, domain-specific, and out-of-distribution scenarios.\n\nThe practical implication is awkward for any lab shipping safety-certified image models: a user who never intended to break anything can inadvertently do so just by personalizing the model. Fine-tuning is not exotic behavior — it is the standard deployment path for most production use cases, which makes safety guarantees that don't survive it largely theoretical.\n\nSPQR arrives as regulators in the EU and elsewhere are pressing AI companies for concrete evidence that their content filters work. A unified, reproducible benchmark is a useful tool for that conversation — though a benchmark only measures what it covers, and the safety categories SPQR evaluates will need to grow alongside the threats.","[\"ai\",\"safety\",\"diffusion-models\",\"benchmarks\"]","2026-07-14T06:32:08.067Z","2026-07-14T06:32:10.984Z",[],[47,915,916,900],"safety","diffusion-models",[918],{"name":500,"url":919},"https:\u002F\u002Farxiv.org\u002Fabs\u002F2511.19558",{"sections":921},[922,925,928,933,936,939,944,949,954,959,964,967,972,977],{"name":923,"slug":47,"count":924,"latest_published_at":43},"AI",2583,{"name":926,"slug":125,"count":927,"latest_published_at":121},"Security",294,{"name":929,"slug":930,"count":931,"latest_published_at":932},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":934,"slug":25,"count":935,"latest_published_at":19},"Policy",158,{"name":937,"slug":619,"count":938,"latest_published_at":615},"Hardware",122,{"name":940,"slug":941,"count":942,"latest_published_at":943},"Consumer Tech","consumer-tech",93,"2026-07-13T13:20:48.000Z",{"name":945,"slug":946,"count":947,"latest_published_at":948},"Software","software",70,"2026-07-13T19:52:25.000Z",{"name":950,"slug":951,"count":952,"latest_published_at":953},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":955,"slug":956,"count":957,"latest_published_at":958},"Dev Tools","dev-tools",59,"2026-07-07T04:00:00.000Z",{"name":960,"slug":961,"count":962,"latest_published_at":963},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":965,"slug":202,"count":962,"latest_published_at":966},"Startups","2026-06-29T20:55:50.000Z",{"name":968,"slug":969,"count":970,"latest_published_at":971},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":973,"slug":974,"count":975,"latest_published_at":976},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":978,"slug":979,"count":980,"latest_published_at":981},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]